Preface



This volume contains the proceedings of the 10th International Conference on 
Rewriting Techniques and Applications held from July 2-4, 1999 in Trento, Italy, 
as part of the Federated Logic Conference (FLoC’99). The RTA conferences are 
dedicated to all aspects of term, string and graph rewriting as well as their 
applications such as lambda calculi, theorem-proving, functional programming, 
decision procedures. 

The program committee selected 23 papers as well as 4 system descriptions
from 53 submissions of overall high quality (46 regular papers and 7 systems
descriptions). The papers cover a wide range of topics: constraint solving,
termination, deduction and higher-order rewriting, graphs, complexity, tree
automata, context-sensitive rewriting, string rewriting and numeration
systems ... by authors from countries including: France, Germany, India,
Israel, Italy, Japan, The Netherlands, Poland, Portugal, Spain, USA.

B. Courcelle (Univ. Bordeaux) and F. Otto (Univ. Kassel) presented invited
talks, on graph grammars and connections between rewriting and formal
language theory respectively. F. van Raamsdonk (CWI, Amsterdam) gave an
invited tutorial on higher-order rewriting.

We would like to thank the external reviewers for their contribution to
preparing the program and Horatiu Cirstea for his help in maintaining the
web server of the program committee.
Solved Forms for Path Ordering Constraints



Robert Nieuwenhuis and Jose Miguel Rivero* 



Technical University of Catalonia, Dept. LSI, 
Jordi Girona 1, 08034 Barcelona, Spain 
roberto@lsi.upc.es, rivero@lsi.upc.es



Abstract. A usual technique in symbolic constraint solving is to apply
transformation rules until a solved form is reached for which the problem
becomes simple. Ordering constraints are well-known to be reducible to
(a disjunction of) solved forms, but unfortunately no polynomial algorithm
deciding the satisfiability of these solved forms is known.

Here we deal with a different notion of solved form, where fundamental
properties of orderings like transitivity and monotonicity are taken into
account. This leads to a new family of constraint solving algorithms
for the full recursive path ordering with status (RPOS), and hence as
well for other path orderings like LPO, MPO, KNS and RDO, and for
all possible total precedences and signatures. Apart from simplicity and
elegance from the theoretical point of view, the main contribution of
these algorithms is on efficiency in practice. Since guessing is minimized,
and, in particular, no linear orderings between the subterms are guessed,
a practical improvement in performance of several orders of magnitude
over previous algorithms is obtained, as shown by our experiments.



1 Introduction 

An ordering constraint is a quantifier-free first-order formula built over the
binary predicate symbols ‘>’ and ‘=’ which, respectively, denote a given path
ordering $\succ$ and a congruence = on ground terms. A solution of a constraint
C is a ground substitution $\sigma$ such that $C\sigma$ evaluates to true under
the given $\succ$ and =. If C has a solution it is called satisfiable. Such
constraints have many interesting applications like pruning the search space in
automated theorem proving or deciding the confluence of ordered rewrite systems.
They also provide powerful decidable constraint-based termination orderings
$\succ^c$ for term rewriting, defined $s \succ^c t$ if $s\sigma \succ t\sigma$
for all ground $\sigma$. If $\succ$ is the lexicographic path ordering (LPO) or
the recursive path ordering with status (RPOS), such $\succ^c$ subsume other
path orderings like the ones since all these path orderings coincide on ground
terms (see ). For example, if $s$ is $g(f(x), f(y))$ and $t$ is
$g(g(x,y), g(x,y))$, and $f \succ_{\mathcal{F}} g$ in the precedence, then
$s \not\succ_{rpo} t$, but $s \succ^c t$.

The first practical applications of ordering constraints gave rise to the
distinction between fixed signature semantics (solutions are built over a given
signature $\mathcal{F}$) and extended signature semantics (new symbols are
allowed to appear in solutions). The satisfiability problem for ordering
constraints was first shown decidable for fixed signatures when $\succ$ is a
total LPO or a total RPOS. For extended signatures, decidability was shown for
LPO in and for RPO in. Regarding complexity, NP algorithms for LPO (fixed and
extended signatures) and RPO (extended ones) were given in. Very recently, an
NP algorithm has been given as well for RPO under fixed signatures in.
NP-hardness of the satisfiability problem is known, even for one single
inequation, for all these cases. All these decision procedures use at some
point the fact that a constraint C can be effectively expressed as an equivalent
disjunction of expressions $s_1 > t_1 \wedge \ldots \wedge s_n > t_n$, called
solved forms in where for each $i$ always $s_i$ or $t_i$ is a variable.

* Both authors partially supported by the ESPRIT Basic Research WG CCL-II.

P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 1^^| 1999.

© Springer-Verlag Berlin Heidelberg 1999

In algorithms like the ones of and , the computation of solved
forms is only a first step that is followed by other exponential phases. This is
not surprising, since this notion of solved form only involves a local analysis
of the inequalities considered independently. In fact any constraint $s > t$ can
trivially be put into the equivalent (under extended signatures) solved form
$s > x \wedge x > t$, for some new variable $x$. This gives some intuition why
this notion of solved form needs to be refined and, in particular, why
transitivity through variables needs to be considered.



On the other hand, the NP algorithms of and are not very
useful in practice, since they are based on a first very expensive guess of a simple
system for C, a particular constraint S of the form s„ Sn-i ffn-i ■ ■ ■ #i sq,
where each is either = or >, and {s„, . . . , si} is the set of all subterms of C.
In it is shown that, roughly, C is satisfiable under extended signatures if, and
only if, some simple system contains one of its own solved forms and entails C.
This can be checked in polynomial time, but the number of simple systems to be
considered is far too large for practical usefulness. For fixed signature semantics
in both LPO and RPO, this notion of simple systems is still insufficient and
more guesses are needed.



In this paper we introduce some new notions of solved form, where, in
addition to the closure under the classical RPOS decomposition rules, a
restricted form of transitivity through variables is applied. It is proved that
if C is a normal form in this sense, then it is satisfiable under extended
signatures if, and only if, it has no cycle (Section 5).

For fixed signatures (Section 6) a slightly different transitivity rule is used.
First, several particular cases of signatures are considered for which more
efficient methods than the general one apply. The cases depend on whether (1) the
smallest non-constant symbol $f$ is unary and (2) there is at most one constant
smaller than $f$. The following table summarizes the results. For instance, if (1)
and (2) are true, then satisfiability is again equivalent to the absence of cycles.
An entry 0 in the table denotes that, for some variables $x$, its relation with the
smallest constant 0 needs to be guessed, that is, whether $x = 0$ or $x > 0$.
Similarly, an $\omega$ denotes that for some variables its relation with the
smallest limit ordinal term $\omega$ has to be guessed.
Results for fixed signatures

precondition   $f \in lex$                            $f \in mul$
1,2            no cycle (Section 6.1)                 no cycle (Section 6.1)
1              no cycle, $\omega$ (Section 6.3)       no cycle, $\omega$ (Section 6.3)
2              no cycle (Section 6.2)                 no cycle, $\omega$ (Section 6.4)
-              no cycle, $\omega$, 0 (Section 6.4)    no cycle, $\omega$ (Section 6.4)

For the cases marked with $\omega$ the problem is split into a natural and a
non-natural part. The non-natural part is dealt with by cycle detection; the
subproblem of natural number constraints, i.e., constraints where $f$ is the only
non-constant symbol and all terms and solutions correspond to the natural number
fragment, can then be dealt with independently. This problem is solved for the
case $f \in lex$ again by a transitivity closure, but now over the natural number
ordering. For the case where $f$ is not unary and has multiset status, we rely on
the existing methods for solving multiset constraints on natural numbers.

In Section we comment on some implementation issues. As we will show by
experimental results from an implementation in the Saturate system
our methods outperform the best previous one (an improvement of as
implemented in Saturate) by several orders of magnitude for extended signatures
and for fixed signatures fulfilling the requirements (1) and (2). For other fixed
signatures, apart from the prohibitive methods guessing linear orderings on all
subterms of the constraint, no previous algorithms were known.

2 Path Orderings 

Let $\mathcal{F}$ and $\mathcal{X}$ be sets of function symbols and variables
respectively, and let $\succ_{\mathcal{F}}$ be a total ordering on $\mathcal{F}$
(the precedence). Furthermore let $\mathcal{F}$ be the disjoint union of two sets
lex and mul, the symbols with lexicographic and multiset status, respectively,
and let $=_{mul}$ denote the equality of terms up to the permutation of direct
arguments of symbols with multiset status.

The recursive path ordering (with status) (RPO) on ground terms is defined
as follows. $s = f(s_1, \ldots, s_m) \succ_{rpo} g(t_1, \ldots, t_n) = t$ iff

1. $s_i \succ_{rpo} t$ or $s_i =_{mul} t$, for some $i$ with $1 \le i \le m$, or

2. $f \succ_{\mathcal{F}} g$ and $s \succ_{rpo} t_j$, for all $j$ with $1 \le j \le n$, or

3. $f = g$, $f \in lex$, $(s_1, \ldots, s_n) \succ^{lex}_{rpo} (t_1, \ldots, t_n)$,
   and $s \succ_{rpo} t_j$, for all $j$ with $1 \le j \le n$

4. $f = g$, $f \in mul$, $\{s_1, \ldots, s_n\} \succ\!\!\succ_{rpo} \{t_1, \ldots, t_n\}$

where $(s_1, \ldots, s_n) \succ^{lex}_{rpo} (t_1, \ldots, t_n)$ if $\exists j \le n$
s.t. $s_j \succ_{rpo} t_j$ and $\forall i < j$, $s_i =_{mul} t_i$.
Furthermore, $\succ\!\!\succ_{rpo}$ is the multiset extension of $\succ_{rpo}$,
defined as the smallest ordering such that
$S \cup \{s\} \succ\!\!\succ_{rpo} S' \cup \{t_1, \ldots, t_n\}$ whenever $S$ is
equal to $S'$ up to $=_{mul}$ and $s \succ_{rpo} t_i$ for all $i$ in $1 \ldots n$.

The lexicographic path ordering is the particular case of RPO where
$\mathcal{F} = lex$, and the multiset path ordering (or RPO without status) is the
particular case where $\mathcal{F} = mul$.
3 Ordering Constraints

An RPO-ordering constraint is a quantifier-free first-order formula built over
terms in $T(\mathcal{F}, \mathcal{X})$ and over the binary predicate symbols ‘>’
and ‘=’. A solution in $(\mathcal{F}, \succ_{\mathcal{F}})$ of a constraint C is a
substitution $\sigma$ with range $T(\mathcal{F})$ and whose domain is a set of
variables containing the variables of C, such that $C\sigma$ evaluates to true if
> and = are interpreted as the RPO defined by $\succ_{rpo}$ and $=_{mul}$
respectively. Then we say that $\sigma$ satisfies C in
$(\mathcal{F}, \succ_{\mathcal{F}})$.

By an extension $(\mathcal{F}', \succ_{\mathcal{F}'})$ of
$(\mathcal{F}, \succ_{\mathcal{F}})$ we mean a set of function symbols
$\mathcal{F}'$ with $\mathcal{F}' \supseteq \mathcal{F}$ and a total precedence
$\succ_{\mathcal{F}'}$ extending $\succ_{\mathcal{F}}$. We will call a constraint
C satisfiable under extended signatures if there exists some extension
$(\mathcal{F}', \succ_{\mathcal{F}'})$ of $(\mathcal{F}, \succ_{\mathcal{F}})$ in
which C is satisfiable.

4 Solved Forms 

An ordering constraint C can be equivalently expressed without negation
since $s \not> t$ is equivalent to $t > s \vee t = s$, and $s \neq t$ is equivalent
to $t > s \vee s > t$. Then C can be put into disjunctive normal form, and hence
satisfiability has to be checked only for conjunctive constraints without
negation. In the following we will deal with such conjunctions expressed by sets
of equalities and inequalities between terms. The following (non-confluent) term
rewrite system R operates on such sets:



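$$
\begin{array}{llll}
S \cup \{ s > f(t_1 \ldots t_n) \} & \longrightarrow & & \text{if } top(s) \succ_{\mathcal{F}} f \\
S \cup \{ s > t \} & \longrightarrow & S \cup S' & \text{if } top(s) = top(t) \in mul \text{ and } S' \in mul(s, t) \\
S \cup \{ f(s_1 \ldots s_n) > f(t_1 \ldots t_n) \} & \longrightarrow & S \cup \{ s_1 = t_1, \ldots, s_{i-1} = t_{i-1},\ s_i > t_i, & \\
 & & \quad f(s_1 \ldots s_n) > t_{i+1}, \ldots, f(s_1 \ldots s_n) > t_n \} & \text{for } 1 \le i \le n \text{ if } f \in lex \\
S \cup \{ f(s_1 \ldots s_n) > t \} & \longrightarrow & S \cup \{ s_i = t \} & \text{for } 2 \le i \le n \text{ if } top(t) = f \in lex \\
S \cup \{ f(s_1 \ldots s_n) > t \} & \longrightarrow & S \cup \{ s_i > t \} & \text{for } 2 \le i \le n \text{ if } top(t) = f \in lex \\
S \cup \{ a > t \} & \longrightarrow & \bot & \text{if } a \text{ is a constant and } top(t) \succ_{\mathcal{F}} a \\
S \cup \{ f(s_1 \ldots s_n) > t \} & \longrightarrow & S \cup \{ s_i = t \} & \text{for } 1 \le i \le n \text{ if } top(t) \succ_{\mathcal{F}} f \\
S \cup \{ f(s_1 \ldots s_n) > t \} & \longrightarrow & S \cup \{ s_i > t \} & \text{for } 1 \le i \le n \text{ if } top(t) \succ_{\mathcal{F}} f \\
S \cup \{ s = t \} & \longrightarrow & S\sigma & \text{if } \sigma \in mul\_unifiers(s, t) \\
S \cup \{ s = t \} & \longrightarrow & \bot & \text{if } mul\_unifiers(s, t) = \emptyset
\end{array}
$$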
In R the following notation is used:

1. If $s$ is $f(s_1, \ldots, s_n)$ and $t$ is $f(t_1, \ldots, t_n)$ then $mul(s,t)$
   is the set of all constraints of the form

   $\{ s_{\pi(1)} = t_{\rho(1)}, \ldots, s_{\pi(i)} = t_{\rho(i)},\ u_{i+1} > t_{\rho(i+1)}, \ldots, u_n > t_{\rho(n)} \}$

   for permutations $\pi$ and $\rho$ of $1 \ldots n$ and $i \neq n$ and
   $u_j \in \{ s_{\pi(i+1)}, \ldots, s_{\pi(n)} \}$ for all $j \in i+1 \ldots n$.
   Note that hence the second rule of R illustrates the fact that if
   $S_1 \succ\!\!\succ_{rpo} S_2$ then, after removing the proper subset of common
   (w.r.t. $=_{mul}$) elements on both sides, for each element in $S_2$ there is
   a bigger one in $S_1$.

2. Given two terms $s$ and $t$, we denote by $mul\_unifiers(s, t)$ the set of all
   unifiers modulo $=_{mul}$ of $s$ and $t$. The term
   $f(t'_{\pi(1)}, \ldots, t'_{\pi(n)})$ is called a permutation of
   $f(t_1, \ldots, t_n)$ if $t'_i$ is a permutation of $t_i$ for $1 \le i \le n$
   and $\pi$ is a permutation of $1 \ldots n$ where $\pi = id$ if $f \in lex$. Then
   $mul\_unifiers(s,t) = \{ \sigma \mid \sigma = mgu(s,t')$ and $t'$ is a
   permutation of $t \}$.

The termination of R can be shown by a well-founded ordering on sets S
based on (i) the number of different variables in S, and (ii) on the multiset of
sizes (in number of symbols) of the (in)equalities in S. See, e.g., for
details for the LPO case of the following lemma:

Lemma 1. R is terminating, and, for each set of equalities and inequalities S, a
normal form of S with respect to R is either $\bot$ or a set of inequalities of
the form $s > t$ where at least one of $s$ and $t$ is a variable. Furthermore, S is
satisfiable if, and only if, at least one of its normal forms is satisfiable.

We now introduce our new notion of solved form, which, apart from being a 
normal form with respect to R, is also closed (in some sense) under transitivity 
through variables: 

Definition 1. A solved form S is a set of inequalities (and hence $S \neq \bot$)
of the form $s > t$ where at least one of $s$ and $t$ is a variable, and such that
if $s > x \in S$ and $x > t \in S$ for some variable $x$ and non-variable $s$, then
some normal form with respect to R of $\{s > t\}$ is a subset of S.

Note that deciding whether some normal form of $\{s > t\}$ is a subset of S can
be done in polynomial time. It suffices to check whether s where y^po is
defined as the usual RPO extended with the case s )^rpo t if $s > t \in S$.

Definition 2. Let S be a set of equalities and inequalities. A solved form S' is 
called a solved form of S if it contains a normal form with respect to R of S. 

Lemma 2. Let S be a set of equalities and inequalities. Then S is satisfiable if, 
and only if, at least one of its solved forms is satisfiable. 

For a given S, its set of solved forms can be computed by rewriting with
R and closing under the transitivity rule $s > x \wedge x > t \Rightarrow s > t$.
Note that this process terminates when repeated work is avoided, since at any
stage the sets contain only relations between subterms of S and the number of
different such sets that can be obtained is finite. In Section we will comment
on some non-trivial implementation issues.
5 Cycles and Satisfiability over Extended Signatures

Definition 3. A set of inequalities S has a cycle if
$\{ x > t_1[x_1],\ x_1 > t_2[x_2],\ \ldots,\ x_{n-1} > t_n[x] \} \subseteq S$.

Lemma 3. Let S be a set of inequalities with a cycle. Then S is unsatisfiable.

Definition 4. Let S be a solved form. We define $>_v$ as the smallest transitive
relation on $Vars(S)$ such that $x >_v y$ whenever $x > t[y] \in S$.

Lemma 4. Let S be a solved form with no cycles. Then $>_v$ is a well-founded
strict partial ordering on $Vars(S)$.

Lemma 5. Let S be a solved form with no cycles and let $x$ be a variable
occurring in S. Furthermore, let S' be the set obtained by removing from S all
inequalities where $x$ occurs, i.e.,
$S' = \{ s > t \mid s > t \in S \wedge x \notin Vars(s > t) \}$.
Then S' is a solved form with no cycles.

Proof. Clearly S' is still in normal form w.r.t. R and has no cycles. We now show
that S' is still closed under transitivity. Suppose $s > y \in S'$ and
$y > t \in S'$ for some variable $y \neq x$. Then $x$ does not occur in $s > t$.
But then the normal form of $s > t$ that belonged to S is still in S' since $x$
does not occur in this normal form (the rules of R do not introduce any
variables). □

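Definition 5. Let S be a solved form with no cycles, and let
$(\mathcal{F}', \succ_{\mathcal{F}'})$ be the extension of
$(\mathcal{F}, \succ_{\mathcal{F}})$ where $\mathcal{F}' = \mathcal{F} \uplus \{f, 0\}$
and where $\succ_{\mathcal{F}'}$ extends $\succ_{\mathcal{F}}$ such that
$g \succ_{\mathcal{F}'} f \succ_{\mathcal{F}'} 0$ for all $g \in \mathcal{F}$.

The minimal substitution $\sigma$ for S is defined by induction on $>_v$ as follows.
Let $x \in Vars(S)$ and let $\sigma_x$ be the partial substitution defined for the
variables of S that are smaller than $x$ w.r.t. $>_v$. Then

- $x\sigma = 0$ if there is no inequation $x > t$ in S and
- $x\sigma = f(t)$ if $t = max_{rpo}\{ s\sigma_x \mid x > s \in S \}$.

Theorem 1. Let S be a solved form over $(\mathcal{F}, \succ_{\mathcal{F}})$. Then S
is satisfiable over some extension of $(\mathcal{F}, \succ_{\mathcal{F}})$ if, and
only if, S has no cycle.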

Proof. By Lemma 3, S is unsatisfiable if it has some cycle. Now we show that
if S has no cycle the minimal substitution $\sigma$ in the extension
$(\mathcal{F}', \succ_{\mathcal{F}'})$ given in Definition 5 is a solution of S.

We proceed by induction on the number $k$ of variables in S. If $k = 0$, then
S is empty and trivially satisfiable. For the induction step, let $x$ be a variable
that is maximal w.r.t. $>_v$ in S, and let S' be the conjunctive constraint obtained
by removing from S all inequalities where $x$ occurs, i.e.,
$S' = \{ s > t \mid s > t \in S \wedge x \notin Vars(s > t) \}$. Then by Lemma 5,
S' is a solved form with no cycles.

Now let $\sigma'$ be $\sigma$ with its domain restricted to $Vars(S) \setminus \{x\}$.
Then $\sigma'$ is the minimal substitution of S' and hence, by the induction
hypothesis, $\sigma'$ is a solution for S'.

To prove that $\sigma$ is indeed a solution of S, it remains to be checked that
$s\sigma \succ_{rpo} t\sigma$ for the relations $s > t$ where $x$ appears in $s$ or $t$.
There are six cases:

1. $x > t[x]$. No such inequation exists since this is a cycle.

2. $t[x]_p > x$ with $p \neq \lambda$. Then clearly
   $t\sigma[x\sigma]_p \succ_{rpo} x\sigma$ by the subterm property of RPO.

3. $y > t[x]$. No such inequation exists since $x$ is maximal.

4. $x > t$ where $x \notin Vars(t)$. Then, since $x\sigma = f(t)$ where
   $t = max_{rpo}\{ s\sigma' \mid x > s \in S \}$, clearly
   $x\sigma \succ_{rpo} t\sigma$.

5. $s > x$ where $x \notin Vars(s)$ and $s$ is not a variable.

   If there is no inequation $x > t$ in S, then $x\sigma = 0$, and hence
   $s\sigma \succ_{rpo} x\sigma$.

   If there is at least one inequation $x > t$ in S, then $x\sigma = f(u)$ where
   $u = max_{rpo}\{ t\sigma' \mid x > t \in S \}$. By definition of solved form,
   then S contains a normal form with respect to R of $s > t$ for all
   $x > t \in S$. Since $x \notin Vars(s > t)$, in fact S' contains this solved
   form and hence $s\sigma' \succ_{rpo} t\sigma'$, and
   $s\sigma \succ_{rpo} t\sigma$, and, in particular, $s\sigma \succ_{rpo} u$.
   Since $top(s) \succ_{\mathcal{F}'} f$, this implies
   $s\sigma \succ_{rpo} f(u)$ and $s\sigma \succ_{rpo} x\sigma$.

6. $s[x]_p > y$ where $p \neq \lambda$ and $x \neq y$. We proceed by contradiction.
   Let $s > y$ be an inequality in S of this form such that
   $s\sigma \not\succ_{rpo} y\sigma$ and where $y$ is minimal in $>_v$. Clearly
   $y\sigma \neq 0$; hence $y\sigma = f(u)$ where
   $u = max_{rpo}\{ t\sigma \mid y > t \in S \}$. We now show that
   $s\sigma \succ_{rpo} u$, contradicting $s\sigma \not\succ_{rpo} y\sigma$, since
   $top(s) \in \mathcal{F}$ and hence $top(s) \succ_{\mathcal{F}'} f$.

   By definition of solved form, S contains a normal form with respect to R
   of $s > t$ for all $y > t \in S$. For the inequalities in this solved form,
   either $x$ does not occur in them, or else they fall under one of the five
   previous cases, and hence $\sigma$ is a solution for them, or they have the form
   $s|_q > z$ for some variable $z$ with $y >_v z$, and hence $\sigma$ is a solution
   for them by the minimality assumption for $y$. Hence $\sigma$ is a solution of
   this solved form and hence $s\sigma \succ_{rpo} u$. □
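
Added example, not code from the paper or from Saturate: the satisfiability test of Theorem 1 for a solved form, using the cycle check of Definitions 3 and 4 and the minimal substitution of Definition 5. It assumes every symbol has lexicographic status (LPO, a particular case of RPO), a tuple encoding of terms, and constructed solved forms over a made-up signature g > h > a.

```python
# Terms (encoding assumed for this example): a variable is a str, an application
# is a tuple (symbol, arg1, ..., argn); a constant is a 1-tuple such as ("a",).

def variables(t):
    if isinstance(t, str):
        return {t}
    return set().union(*(variables(a) for a in t[1:]))

def substitute(t, sigma):
    if isinstance(t, str):
        return sigma[t]
    return (t[0],) + tuple(substitute(a, sigma) for a in t[1:])

def lpo_gt(s, t, prec):
    """s > t in LPO for ground terms, prec mapping each symbol to its rank."""
    if s == t:
        return False
    if any(si == t or lpo_gt(si, t, prec) for si in s[1:]):
        return True                                   # case 1: some s_i >= t
    if prec[s[0]] > prec[t[0]]:                       # case 2: bigger head symbol
        return all(lpo_gt(s, tj, prec) for tj in t[1:])
    if s[0] == t[0]:                                  # case 3: lexicographic status
        for si, ti in zip(s[1:], t[1:]):
            if si != ti:                              # first differing argument decides
                return lpo_gt(si, ti, prec) and all(lpo_gt(s, tj, prec) for tj in t[1:])
    return False

def var_graph(S):
    """Edges x -> y of Definition 4: x > t[y] is in S with x a variable."""
    graph = {}
    for s, t in S:
        for v in variables(s) | variables(t):
            graph.setdefault(v, set())
        if isinstance(s, str):
            graph[s] |= variables(t)
    return graph

def has_cycle(S):
    """Definition 3: depth-first search for a cycle among the variables."""
    graph, state = var_graph(S), {}
    def visit(x):
        state[x] = "open"
        for y in graph[x]:
            if state.get(y) == "open" or (y not in state and visit(y)):
                return True
        state[x] = "done"
        return False
    return any(x not in state and visit(x) for x in graph)

def minimal_substitution(S, prec):
    """Definition 5. Returns (sigma, extended precedence), or None if S has a cycle."""
    if has_cycle(S):
        return None
    ext = {g: rank + 2 for g, rank in prec.items()}   # every old symbol above f and 0
    ext.update({"f": 1, "0": 0})                      # new symbols f > 0
    lower = {x: [] for x in var_graph(S)}             # x -> all t with x > t in S
    for s, t in S:
        if isinstance(s, str):
            lower[s].append(t)
    sigma = {}
    def value(x):
        if x not in sigma:
            for t in lower[x]:                        # smaller variables first
                for y in variables(t):
                    value(y)
            insts = [substitute(t, sigma) for t in lower[x]]
            if not insts:
                sigma[x] = ("0",)
            else:
                best = insts[0]
                for u in insts[1:]:
                    if lpo_gt(u, best, ext):
                        best = u
                sigma[x] = ("f", best)                # successor of the maximum
        return sigma[x]
    for x in lower:
        value(x)
    return sigma, ext

def is_solution(S, sigma, prec):
    return all(lpo_gt(substitute(s, sigma), substitute(t, sigma), prec) for s, t in S)

# Constructed inputs. PREC is a made-up signature g > h > a.
PREC = {"a": 0, "h": 1, "g": 2}
# Solved form: h(x) > y with y > a and y > z forces h(x) > z to be present.
S_OK = [(("h", "x"), "y"), ("y", ("a",)), ("y", "z"), (("h", "x"), "z")]
# x > h(y) together with y > x is a cycle, hence unsatisfiable (Lemma 3).
S_CYCLE = [("x", ("h", "y")), ("y", "x")]
# a > x has a solution only because the extension adds the new constant 0 below a.
S_EXTENDED_ONLY = [(("a",), "x")]
```

For `S_OK` the minimal substitution maps x and z to 0 and y to f(a), and `is_solution` confirms it against every inequality under the extended precedence.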

6 Fixed Signatures 

Let $f$ be the smallest non-constant symbol in $\mathcal{F}$, and let 0 be the
smallest constant symbol (and hence the smallest term). In this section we will
first consider two restrictions:

1. there is at most one constant symbol smaller than $f$, and

2. $f$ is unary

If $(\mathcal{F}, \succ_{\mathcal{F}})$ satisfies both restrictions, it will be
called well-ended. In several further subsections we will show how these
restrictions can be dropped at the expense of adding some new rules to R.



6.1 Well-ended Signatures 

Note that in this setting for every ground term $t$, its successor, the smallest
term bigger than $t$, is $f(t)$. We sometimes write $f^n(t)$ to denote the n-th
successor of $t$.

Example 1. Consider the constraint S of the form
$f(f(0)) > x \wedge f(x) > y > z > 0$. It is a solved form in the sense of the
previous section, and it has no cycle. However, it is unsatisfiable over fixed
signatures, since it amounts to diophantine inequations over the natural numbers:
we have $2 > x \wedge x + 1 > y > z > 0$, and there is no space for both $y$ and
$z$ between 2 and 0.

The previous example shows us that we need to reconsider the definition of 
solved form, since the notion of closure under transitivity used in the previous 
section is too weak for fixed signatures. 

Definition 6. A solved form S is a set of inequalities of the form $s > t$ where
at least one of $s$ and $t$ is a variable, and such that if $s > x \in S$ and
$x > t \in S$ for some non-variable $s$ and variable $x$, then some normal form
with respect to R of $\{ s > f(t) \}$ is a subset of S.



Example 2. (Example 1 continued) Closing S under the new notion of transitivity
gives the following. From $f(x) > y > z$ we get $f(x) > f(z)$, which simplifies
into $x > z$. This, together with $f(f(0)) > x$ gives $f(f(0)) > f(z)$ which
simplifies into $f(0) > z$. This, together with $z > 0$ gives $f(0) > f(0)$ whose
unique normal form is $\bot$.

Clearly, like in the previous section, a set of (in)equalities S is satisfiable if,
and only if, one of its solved forms in this new sense is satisfiable.

Theorem 2. Let $\mathcal{F}$ be a well-ended signature, and let S be a solved form
(in the sense of Definition 6) over $(\mathcal{F}, \succ_{\mathcal{F}})$. Then S is
satisfiable in $(\mathcal{F}, \succ_{\mathcal{F}})$ if and only if, S has no cycles
and $0 > x \notin S$.

Proof. The proof follows the same ideas as the one of Theorem 1. Note that
Lemma still applies for the new notion of solved form. Of the six cases, the
first four ones remain equal. The remaining two cases become:

5. $s > x$ where $x \notin Vars(s)$ and $s$ is not a variable.

   If there is no inequation $x > t$ in S, then $x\sigma = 0$, and hence
   $s\sigma \succ_{rpo} x\sigma$, since $0 > x$ is not in S.

   If there is at least one inequation $x > t$ in S, then $x\sigma = f(u)$ where
   $u = max_{rpo}\{ t\sigma' \mid x > t \in S \}$. By the new definition of solved
   form, then S contains a normal form with respect to R of $s > f(t)$ for all
   $x > t \in S$ and we conclude as in Theorem 1.

6. $s[x]_p > y$ where $p \neq \lambda$ and $x \neq y$. We proceed by contradiction.
   Let $s > y$ be an inequality in S of this form such that
   $s\sigma \not\succ_{rpo} y\sigma$ and where $y$ is minimal in $>_v$. Clearly
   $y\sigma \neq 0$, since $s$ is a non-constant term and for any such terms
   $s\sigma \succ_{rpo} 0$. Hence $y\sigma = f(u)$ where
   $u = max_{rpo}\{ t\sigma \mid y > t \in S \}$. We now show that
   $s\sigma \succ_{rpo} f(u)$, contradicting $s\sigma \not\succ_{rpo} y\sigma$. By
   the new definition of solved form, S contains a normal form with respect to R
   of $s > f(t)$ for all $y > t \in S$, and we can conclude as in Theorem 1. □
6.2 At Most One Constant below a Non-unary $f \in lex$

If $f$ is non-unary and lexicographic, and there is at most one constant below
$f$, then the successor of every ground term $t$ is $f(0, \ldots, 0, t)$. And then
the satisfiability of solved forms can be decided by cycle detection as in the
previous subsection, if everywhere $f(t)$ is replaced by $f(0, \ldots, 0, t)$: if
$s > x \in S$ and $x > t \in S$ for some non-variable $s$, a variable $x$, and term
$t$, then now it is required that some normal form with respect to R of
$\{ s > f(0, \ldots, 0, t) \}$ is a subset of S. Similarly, the minimal
substitution $\sigma$ for a solved form with no cycles S is now defined by taking
successors like this: $x\sigma = f(0, \ldots, 0, t)$ if
$t = max_{rpo}\{ s\sigma_x \mid x > s \in S \}$. From this we get the following:

Theorem 3. Let $(\mathcal{F}, \succ_{\mathcal{F}})$ be such that the smallest
non-constant symbol $f$ is in lex, and there is at most one constant symbol smaller
than $f$. Let S be a solved form over $(\mathcal{F}, \succ_{\mathcal{F}})$. Then S
is satisfiable in $(\mathcal{F}, \succ_{\mathcal{F}})$ if and only if S has no
cycles and $0 > x \notin S$.



6.3 More than One Constant below a Unary f 

Assume the signature is ended by
$g \succ_{\mathcal{F}} f \succ_{\mathcal{F}} a_1 \succ_{\mathcal{F}} \ldots \succ_{\mathcal{F}} a_n \succ_{\mathcal{F}} 0$,
with $n > 0$ and where the smallest non-constant symbol $f$ is unary. Then 0 is the
smallest term, but no longer for every ground term $t$, its successor is $f(t)$. We
have the following increasing sequence of ground terms:

$0,\ a_n,\ \ldots,\ a_1,\ f(0),\ f(a_n),\ \ldots,\ f(a_1),\ f(f(0)),\ \ldots,\ g(0, \ldots, 0) = \omega,\ f(\omega),\ \ldots$

where $\omega$ is the first limit ordinal term, that is, the smallest term $\omega$
such that $\omega \succ_{rpo} t$ for infinitely many terms $t$. Terms below
$\omega$ are called natural terms.
Clearly the transitivity notion $s > x \wedge x > t \Rightarrow s > f(t)$ applied
in the Subsection 6.1 is now correct only if $t$ is known to be non-natural. In
order to know whether $t$ is natural or not at the non-ground level, we now add
three new rules to the rewrite system R that guess for each variable how it is
related to $\omega$. Let $R_\omega$ be the set of the following three rules:

$$
\begin{array}{lll}
S & \longrightarrow & S\{x \mapsto \omega\} \quad \text{if } x \in vars(S) \text{ and } x > \omega \notin S \text{ and } \omega > x \notin S \\
S & \longrightarrow & S \cup \{x > \omega\} \quad \text{if } x \in vars(S) \text{ and } x > \omega \notin S \text{ and } \omega > x \notin S \\
S & \longrightarrow & S \cup \{\omega > x\} \quad \text{if } x \in vars(S) \text{ and } x > \omega \notin S \text{ and } \omega > x \notin S
\end{array}
$$

Now it is clear for every normal form S with respect to $R_\omega$ whether a term
$t$ with variables is natural or not: $t$ is natural if, and only if, it contains
only symbols smaller than $g$ and variables $x$ for which $\omega > x \in S$. Note
that in practice it is not necessary to guess the relations with $\omega$ for all
variables, as long as for all sides of an inequality it is known whether they are
natural or not. For example, $t$ is known to be natural if it contains no symbol
greater than $f$, or $s > t \in S$ for some natural term $s$, etc.

Now we can adapt the notion of solved form to include transitivity only for 
non-natural terms, and again a set of (in)equalities S is satisfiable if, and only 
if, one of its solved forms in this new sense is satisfiable. 
Definition 7. A solved form S is a set of inequalities in normal form w.r.t.
$R \cup R_\omega$, such that if $s > x \in S$ and $x > t \in S$ for some
non-variable term $s$, a variable $x$ and a non-natural term $t$, then some normal
form with respect to R of $\{ s > f(t) \}$ is a subset of S.

We now split the satisfiability problem for a solved form S in two parts:
the natural part $S_N$, and the non-natural one $S_\omega$, i.e.,
$S_N = \{ s > t \mid s > t \in S$ and $s$ and $t$ are natural $\}$ and
$S_\omega = S \setminus S_N$. The satisfiability of $S_N$ can be easily decided.
It suffices to express all ground terms as their corresponding natural number and
terms $f^k(x)$ as $x + k*(n+1)$. In fact, the resulting problem of satisfiability
of diophantine inequations is in P, since it can be solved by closure under
transitivity. Note that this is precisely what was done in the previous section at
the symbolic level (and hence we will not prove its correctness again here): close
under the rule $x + k > y \wedge y > z + k' \Rightarrow x + k > z + k' + 1$,
simplifying the conclusion to get a variable at one of both sides; if no cycle or
contradiction of the form $n > n + k$ appears, then the problem is satisfiable.
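
Added example, not code from the paper: deciding the natural part, covering both Example 1 and the diophantine closure described above. The closure rule is implemented as all-pairs composition of difference bounds (Floyd-Warshall), a formulation chosen for this example; the (k, base) encoding of the term f^k(base) and the function name are assumptions.

```python
ZERO = "$0"   # graph node standing for the smallest term 0 (the number 0)

def solve_natural(constraints, n_consts=0):
    """Decide natural-number constraints built from a unary f.

    constraints: pairs (lhs, rhs) read as lhs > rhs. Each side is (k, base) for the
    term f^k(base), where base is a variable name (str) or the index of a ground
    constant: 0 for the smallest constant 0, then 1..n_consts for a_n..a_1.
    n_consts is the number of constants strictly between 0 and f.
    Returns the smallest solution {variable: natural number}, or None if none exists.
    """
    step = n_consts + 1                         # f^k(x) corresponds to x + k*(n+1)

    def split(side):
        k, base = side
        if isinstance(base, str):
            return base, k * step               # variable plus offset
        return ZERO, base + k * step            # ground term as a number

    inf = float("inf")
    edges, nodes = {}, {ZERO}

    def bound(a, b, w):                         # record the bound  b - a <= w
        edges[(a, b)] = min(w, edges.get((a, b), inf))

    for lhs, rhs in constraints:
        (a, ka), (b, kb) = split(lhs), split(rhs)
        nodes |= {a, b}
        bound(a, b, ka - kb - 1)                # a + ka > b + kb  <=>  b - a <= ka - kb - 1
    for v in nodes:
        bound(v, ZERO, 0)                       # every value is a natural number

    dist = {(a, b): min(0 if a == b else inf, edges.get((a, b), inf))
            for a in nodes for b in nodes}
    # Composing two bounds is the closure rule
    #   x + k > y  and  y > z + k'   =>   x + k > z + k' + 1
    for m in nodes:
        for a in nodes:
            for b in nodes:
                if dist[a, m] + dist[m, b] < dist[a, b]:
                    dist[a, b] = dist[a, m] + dist[m, b]
    if any(dist[v, v] < 0 for v in nodes):      # a contradiction n > n + k was derived
        return None
    return {v: -dist[v, ZERO] for v in nodes if v != ZERO}

# Example 1 of the paper: f(f(0)) > x, f(x) > y, y > z, z > 0.
EXAMPLE_1 = [((2, 0), (0, "x")), ((1, "x"), (0, "y")),
             ((0, "y"), (0, "z")), ((0, "z"), (0, 0))]
# Constructed variant with one more f on the left: f(f(f(0))) > x.
VARIANT = [((3, 0), (0, "x"))] + EXAMPLE_1[1:]
# Constructed: f(0) > x > 0, solvable only if a constant lies between 0 and f(0).
BETWEEN = [((1, 0), (0, "x")), ((0, "x"), (0, 0))]
```

`solve_natural(EXAMPLE_1)` returns None, matching the paper's observation that there is no room for both y and z; with `n_consts=1` the value 1 returned for `BETWEEN` stands for the constant a_1.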

Lemma 6. Let $(\mathcal{F}, \succ_{\mathcal{F}})$ be such that
$g \succ_{\mathcal{F}} f \succ_{\mathcal{F}} a_1 \succ_{\mathcal{F}} \ldots \succ_{\mathcal{F}} a_n \succ_{\mathcal{F}} 0$,
where the smallest non-constant symbol $f$ is unary. Let S be a solved form (in the
sense of Definition 7) over $(\mathcal{F}, \succ_{\mathcal{F}})$. Then
$s > t \in S$ for no $s$ that is natural and $t$ that is non-natural.

Proof. Assume such an $s > t$ is in S.

If $s$ is not a variable, then it is $s > x$ where $x > \omega \in S$. Then, by
transitivity, a solved form of $s > f(\omega)$ is in S. If $s$ is ground, this
leads to $\bot$ by R, and then S would be $\bot$, contradicting $s > t \in S$. If
$s$ is non-ground, it is of the form $f^n(y)$ for some $n > 0$, where
$\omega > y \in S$, and the unique normal form of $s > f(\omega)$ is $y > \omega$,
which leads to $\bot$ by transitivity from $\omega > y$.

If $s$ is a variable $x$, then $\omega > x \in S$. Then, by transitivity, a solved
form of $\omega > f(t)$ is in S. If $t$ is ground, this leads to $\bot$. If $t$ is
non-ground, it either leads to $\bot$ or to a solved form where $\omega|_p > y$ for
some variable $y$ in $t$ such that $y > \omega \in S$, which leads to $\bot$ as
before. □

Theorem 4. Let $(\mathcal{F}, \succ_{\mathcal{F}})$ be such that
$g \succ_{\mathcal{F}} f \succ_{\mathcal{F}} a_1 \succ_{\mathcal{F}} \ldots \succ_{\mathcal{F}} a_n \succ_{\mathcal{F}} 0$,
where the smallest non-constant symbol $f$ is unary. Let S be a solved form (in
the sense of Definition 7) over $(\mathcal{F}, \succ_{\mathcal{F}})$. Then S is
satisfiable in $(\mathcal{F}, \succ_{\mathcal{F}})$ if, and only if, $S_N$ is
satisfiable and S has no cycles.

Proof. If S is satisfiable then $S_N$ is also satisfiable and S has no cycles. Now
assume that $S_N$ is satisfiable and S has no cycles. Let $\sigma_N$ be a solution
of $S_N$, and we will show that it can be extended to a solution $\sigma$ for the
whole S, by building the minimal solution $\sigma$ for $S_\omega$, starting from
$\sigma_N$.

First, note that for the inequalities $s > t$ where $s$ is non-natural and $t$ is
natural, we trivially have $s\sigma \succ_{rpo} t\sigma$, since $t\sigma$ is
natural, and $s\sigma$ will be non-natural: since $s$ either contains some symbol
$g$ with $g \succ_{\mathcal{F}} f$, or else some non-natural variable $x$ and
$x\sigma \succ_{rpo} \omega$ for all such $x$. Hence by Lemma 6 it only remains to
check the inequalities between non-natural terms.

Note that Lemma still applies for the new notion of solved form. Of the six
cases of Theorem 1 again the first four ones remain equal. The last two cases
are:
5. $s > x$ where $x \notin Vars(s)$ and $s$ is not a variable.

   There is at least one inequation $x > t$ in S, since $x > \omega \in S$. Then
   $x\sigma = f(u)$ where $u = max_{rpo}\{ t\sigma' \mid x > t \in S \}$. By the new
   definition of solved form, then S contains a normal form with respect to R of
   $s > f(t)$ for all $x > t \in S$ and we conclude as in Theorem 1.

6. $s[x]_p > y$ where $p \neq \lambda$ and $x \neq y$. We proceed by contradiction.
   Let $s > y$ be an inequality in S of this form such that
   $s\sigma \not\succ_{rpo} y\sigma$ and where $y$ is minimal in $>_v$. Since $y$ is
   non-natural, $y\sigma = f(u)$ where
   $u = max_{rpo}\{ t\sigma \mid y > t \in S \}$, and $s\sigma \succ_{rpo} f(u)$
   follows as in Theorem 1. □



6.4 When the Smallest Non-constant Symbol f Is Non-unary 

We now also eliminate the restriction that $f$ is unary. We will continue with
the same methodology as before, using the rules of $R_\omega$ that guess for each
variable its relation to $\omega$, and splitting the solved forms into the two
independent parts: the natural and non-natural ones.

Now different approaches are needed depending on whether $f$ has multiset
or lexicographic status.



The Multiset Case If $f \in mul$, then clearly a term $t$ is natural if, and only
if, it is built from the smallest non-constant symbol $f$, constants smaller than
$f$ and natural variables (i.e., variables $x$ with $\omega > x \in S$). In this
sense, the multiset case is simpler than the lexicographic one, as we will see.
E.g., if $f$ is binary, and
$f \succ_{\mathcal{F}} a_1 \succ_{\mathcal{F}} \ldots \succ_{\mathcal{F}} a_n \succ_{\mathcal{F}} 0$,
we have the following increasing sequence of natural ground terms:

0, Unj ■■■5 Ui, /(0,0), /(0,U7i), fi^Qn^Cln)^ f i 

/(a„_i,a„_i), /(0,a„_2), ..., /(ai,ai), /(O, /(0, 0)), . . . 

and if there is at most one constant below $f$, we have

$0,\ f(0,0),\ f(0,f(0,0)),\ f(f(0,0),f(0,0)),\ f(0,f(0,f(0,0))),\ f(f(0,0),f(0,f(0,0))),\ \ldots$

Here 0 is still the smallest term, and for every non-natural ground term $t$, its
successor is $f(0, \ldots, 0, t)$. The smallest non-natural term $\omega$ is
$g(0, \ldots, 0)$, where $g$ is the smallest symbol bigger than $f$ and than 0.
Solving the non-natural part can hence be done as for the case of unary $f$, if
everywhere $f(t)$ is replaced by $f(0, \ldots, 0, t)$.

The definition of solved form again considers $R \cup R_\omega$, and if
$s > x \in S$ and $x > t \in S$ for some non-variable $s$, a variable $x$, and a
non-natural $t$, then now it is required that some normal form with respect to R
of $\{ s > f(0, \ldots, 0, t) \}$ is a subset of S. Similarly, the minimal
substitution $\sigma$ for a solved form with no cycles S is now defined by taking
successors like this: $x\sigma = f(0, \ldots, 0, t)$ if
$t = max_{rpo}\{ s\sigma_x \mid x > s \in S \}$. From this we get the following
result:

Theorem 5. Let $(\mathcal{F}, \succ_{\mathcal{F}})$ be such that the smallest
non-constant symbol $f$ is in mul. Let S be a solved form over
$(\mathcal{F}, \succ_{\mathcal{F}})$. Then S is satisfiable in
$(\mathcal{F}, \succ_{\mathcal{F}})$ if and only if, $S_N$ is satisfiable, and S
has no cycles.
Deciding whether $S_N$ is satisfiable amounts to solving purely natural RPO
constraints, that is, constraints built only over $f$, 0, and possibly other constants
smaller than $f$, and with solutions over this same signature. If $f \in lex$ this is a
simple problem over the natural numbers, but for $f \in mul$ this seems not the
case. Hence for the moment we propose to use the algorithm of or the
NP one of for $S_N$, which is normally a minor part of $S$.



The Lexicographic Case. Let $(\mathcal{F}, \succ_{\mathcal{F}})$ be such that $f \succ_{\mathcal{F}} a_1 \succ_{\mathcal{F}} \ldots \succ_{\mathcal{F}} a_n \succ_{\mathcal{F}} 0$,
where the smallest non-constant symbol $f$ is in $lex$ (the case with at
most one constant below $f$ has been treated already in Subsection ^ 3). Then a
term like $f(x, 0)$ can have non-natural instances even if $x$ is instantiated with a
natural term: e.g., $f(a_n, 0)$ is precisely $\omega$, the first limit ordinal. If $f$ is binary,
we have:

$0,\ a_n,\ \ldots,\ a_1,\ f(0,0),\ f(0,a_n),\ \ldots,\ f(0,a_1),\ f(0,f(0,0)),\ f(0,f(0,a_n)),\ \ldots,\ f(0,f(0,f(0,0))),\ \ldots,\ f(a_n,0),\ \ldots$

Therefore, in order to split the constraint into its natural and non-natural parts,
we need not only to know the relation between some variables $x$ and $\omega$, but also
whether $x$ is 0 or not. Hence the three additional rules of $R$ given in the previous
subsection become now the following four ones, which we will call $R_{\omega,0}$:

$S \to S\{x \mapsto 0\}$  if $x \in vars(S)$

$S \to S\{x \mapsto \omega\}$  if $x \in vars(S)$

$S \to S \cup \{x > \omega\}$  if $x \in vars(S)$ and $x > \omega \notin S$

$S \to S \cup \{\omega > x,\ x > 0\}$  if $x \in vars(S)$ and $\{\omega > x,\ x > 0\} \not\subseteq S$

As for the remaining rules of $R$ given before, sometimes the application of a rule
will produce a reduction to $\bot$, and in many cases these situations can be foreseen.
Also, guessing whether a variable $x$ is 0 is in fact needed only if $x$ appears in
some term $t$ that is otherwise unknown to be natural or not. Similar efficiency
issues will be discussed later on.

For normal forms with respect to $R_{\omega,0}$, clearly a term is natural if, and only if,
it is of the form $f(0, \ldots, 0, f(0, \ldots, 0, f(\ldots f(0, \ldots, 0, t))))$ where $t$ is a constant
smaller than $f$ or a natural variable (i.e., a variable $x$ with $\omega > x \in S$), and for
every non-natural ground term $t$, its successor is $f(0, \ldots, 0, t)$. Again the results
of the previous section go through if everywhere $f(t)$ is replaced by $f(0, \ldots, 0, t)$,
and we get the following:

Theorem 6. Let $(\mathcal{F}, \succ_{\mathcal{F}})$ be such that the smallest non-constant symbol $f$ is in
$lex$. Let $S$ be a solved form over Then $S$ is satisfiable in if
and only if, $S_N$ is satisfiable and $S$ has no cycles.

And here again the satisfiability of the natural part $S_N$ can be decided in
polynomial time by translation into diophantine inequations of the form $x + k > y$
or $x > y + k$, which can be handled by transitive closure as in the previous
subsection.
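The translation into inequations of the form $x + k > y$ or $x > y + k$ can be decided by a max-plus transitive closure, shown here as an added example that is not part of the paper or its Prolog implementation. The function names, the tuple encoding and the sample inequations are assumptions of this example; it goes slightly beyond the text by also returning the least natural-number solution when one exists.

```python
from itertools import product

NEG_INF = float("-inf")


def plus_left(x, k, y):
    """Encode x + k > y over the naturals as the lower bound x >= y + (1 - k)."""
    return (x, y, 1 - k)


def plus_right(x, y, k):
    """Encode x > y + k over the naturals as the lower bound x >= y + (k + 1)."""
    return (x, y, k + 1)


def solve_natural(inequations):
    """Return the least natural solution as a dict, or None if unsatisfiable.

    Each inequation is a triple (x, y, c) meaning x >= y + c.
    """
    names = sorted({v for x, y, _ in inequations for v in (x, y)})
    # best[a][b] is the largest c for which b >= a + c is implied so far.
    best = {a: {b: (0 if a == b else NEG_INF) for b in names} for a in names}
    for x, y, c in inequations:
        best[y][x] = max(best[y][x], c)
    # Transitive closure (Floyd-Warshall in the max-plus semiring);
    # product() varies the intermediate variable k slowest, as required.
    for k, i, j in product(names, repeat=3):
        best[i][j] = max(best[i][j], best[i][k] + best[k][j])
    # A derived bound v >= v + c with c > 0 is a cycle: no solution.
    if any(best[v][v] > 0 for v in names):
        return None
    # Every variable is at least 0, so the least value of x is the
    # strongest lower bound derived from any variable (including itself).
    return {x: max(best[a][x] for a in names) for x in names}


# Constructed sample inputs (not taken from the paper's problem sets).
SATISFIABLE = [plus_left("x", 2, "y"), plus_right("y", "z", 1)]
CYCLIC = SATISFIABLE + [plus_right("z", "x", 0)]

if __name__ == "__main__":
    print(solve_natural(SATISFIABLE))
    print(solve_natural(CYCLIC))
```
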
7 Implementation Issues

Let us first consider a practical improvement obtained by using '≥' as an
additional predicate in constraints. This importantly reduces the number of
solved forms under consideration. For example, the two rules of $R$ for the case
$top(t) \succ_{\mathcal{F}} f$ can now be covered by the single one $S \cup \{f(s_1, \ldots, s_n) > t\} \to S \cup \{s_i \geq t\}$.
Additional rules for decomposing atoms $s \geq t$ are defined analogously
to the ones for '>'. If a new rule $S \cup \{s \geq t,\ t \geq s\} \to S \cup \{s = t\}$
is added as well, and the notions of cycle and transitivity, etc., are defined as
expected, it is not difficult to check that all results of the previous sections go
through.

7.1 Computing Solved Forms 

We have seen that the constraint satisfiability problem roughly amounts to 
deciding the existence of a solved form with no cycle. Solved forms can be ob- 
tained by computing normal forms with respect to R, adding new inequations 
by application of the transitivity rule, which in turn have to be turned into nor- 
mal form, etc. In order to avoid repeated work, standard methods from theorem 
proving or completion for closing under inference rules can, and have to be, used. 

In our implementation we deal with three sets of inequalities: the old ones, 
that are in normal form and closed under transitivity, the new ones, that are 
in normal form, and an additional set T with the recently added consequences 
under transitivity. Initially old and new are empty, and T contains the set of 
input inequalities. 

The working cycle consists of the following. One normal form w.r.t. $R$ of each
non-redundant element $s > t$ in T is added to new, where $s > t$ is redundant
if some normal form of it is a subset of old ∪ new. This can be checked in
polynomial time by using $s \succ'_{rpo} t$, where $\succ'_{rpo}$ is defined as the usual RPO
extended with the case $s \succ'_{rpo} t$ if $s > t \in$ old ∪ new. Backtracking on the
choice of normal form of $s > t$ occurs when a cycle is detected at some point.
If T is empty, one inequality $u > v$ of new is moved to old and all transitivity
consequences between $u > v$ and old are put in T. If both T and new are empty,
and there is no cycle in old then the constraint is satisfiable.

7.2 Some First Practical Experiments 

We experimented with a Prolog implementation based on the aforementioned
procedure. In order to obtain objective problem sets, we ran Saturate
on 10 problems in first-order theorem proving. For each problem, we kept the
set of all ordering constraints generated during the run. It turned out that for
only three of the ten problems, on rings, abelian groups, and embedding,
respectively, a statistically significant number of non-trivial constraints were
generated. In the tables below we show the results for these three problem sets
comparing our New method with the previously best known one Old (an
improvement of as it was (quite carefully) implemented in the Saturate
system), for extended signatures. Times are in milliseconds for Sicstus Prolog
3.7.1 on a SUN Ultra 5. The problem sets and test program are available from
http://www.lsi.upc.es/~roberto. For well-ended fixed signatures very similar
results are obtained. For other fixed signatures, apart from the prohibitive
methods guessing linear orderings on all subterms of the constraint, no previous
algorithms were known.

The leftmost column Threshold indicates the minimum time in milliseconds
required for considering a problem. For instance, the first row considers all
problems of the set, the second row only the ones where at least one of both algorithms
takes 20 ms or more, etc. Note that for harder problems the improvement ratio
is higher:



Constraints from problem Rings

Threshold   # Problems   Total Time Old   Total Time New   Improvement Ratio
0           977          62230            1350             46.10
20          370          59980            700              85.69
50          186          55410            550              100.75
100         130          52050            490              106.22
200         64           41510            280              148.25
400         26           31450            100              314.50
1000        14           25200            50               504.00



Constraints from problem Abelian Groups

Threshold   # Problems   Total Time Old   Total Time New   Improvement Ratio
0           246          35520            590              60.20
20          99           35010            390              89.77
50          80           34480            360              95.78
100         64           33560            330              101.70
200         35           29500            260              113.46
400         20           25560            170              150.35
1000        12           21680            120              180.67



Constraints from problem Embedding

Threshold   # Problems   Total Time Old   Total Time New   Improvement Ratio
0           814          78000            1170             66.67
20          349          76470            500              152.94
50          185          72290            180              401.61
100         117          67660            120              563.83
200         53           59080            50               1181.60
400         27           52120            30               1737.33
1000        13           40960            10               4096.00



8 Conclusions and Further Work 

We have shown that, for an adequate notion of solved form, simply based on 
RPO decomposition and transitivity, deciding the satisfiability of path ordering 
constraints roughly amounts to solved form computation and cycle detection. 

This leads to new algorithms that, we believe, are currently the best choice for 
path ordering constraint solving under all possible precedences and semantics. 
Although it is not very relevant from the practical point of view, it seems
quite clear that, when more carefully formulated, our algorithms can be shown
to be in NP. First one guesses a rewrite derivation with $R$ (and $R_\omega$ or $R_{\omega,0}$ if
needed) into a normal form. While doing this, in order to avoid the creation of
terms of exponential size, a different treatment for the equality relation is needed
(see For the cases where $S$ is split into $S_N$ and at some point also
the satisfiability of $S_N$ has to be checked (which is in P if $f \in lex$, and requires
to apply the NP algorithm of if $f \in mul$).

We believe that more practical algorithms can be found for purely natural 
multiset constraints; this is also the subject of further work. 



References 



CNNR98. Hubert Comon, Paliath Narendran, Robert Nieuwenhuis, and Michael Rusinowitch.
Decision problems in ordered rewriting. In 13th IEEE Symp. Logic
in Comp. Sc. (LICS), pages 410-422, Indianapolis, USA, 1998.

Com90. Hubert Comon. Solving symbolic ordering constraints. International Journal
of Foundations of Computer Science, 1(4):387-411, 1990.

CT94. Hubert Comon and Ralf Treinen. Ordering Constraints on Trees. In Proc.
CAAP, LNCS 787, Edinburgh, Scotland, Springer-Verlag.

Der87. Nachum Dershowitz. Termination of rewriting. Journal of Symbolic
Computation, 3:69-116, 1987.

GNN95. Harald Ganzinger, Robert Nieuwenhuis, and Pilar Nivela. The Saturate
System, 1995. (see www.mpi-sb.mpg.de/SATURATE/Saturate.html).

JO91. J-P. Jouannaud and M. Okada. Satisfiability of systems of ordinal notations
with the subterm property is decidable. In Proc 18th ICALP, LNCS 510,
Madrid, Spain, July 16-20 1991. Springer-Verlag.

KKR90. Claude Kirchner, Helene Kirchner, and Michael Rusinowitch. Deduction
with symbolic constraints. Revue Française d'Intelligence Artificielle,
4(3):9-52, 1990.

KNS85. Deepak Kapur, Paliath Narendran, and G. Sivakumar. A path ordering for
proving termination for term rewriting systems. In Proc. of 10th ICALP,
LNCS 185, pages 173-185, Germany, 1985. Springer-Verlag.

Les90. Pierre Lescanne. On the recursive decomposition ordering with lexicographical
status and other related orderings. J. Aut. Reasoning, 6(1):39-49, 1990.

Nie93. Robert Nieuwenhuis. Simple LPO constraint solving methods. Information
Processing Letters, 47:65-69, August 1993.

NR95. Robert Nieuwenhuis and Albert Rubio. Theorem Proving with Ordering and
Equality Constrained Clauses. J. Symbolic Comp., 19(4):321-351, 1995.

NRV98. P. Narendran, M. Rusinowitch, and R. Verma. RPO constraint solving is
in NP. In CSL 98, Brno, Czech Republic, August 23-28, 1998. Abstract at
http://www.dbai.tuwien.ac.at/CSL98.



Jeopardy 



Nachum Dershowitz 1 and Subrata Mitra 2

1 Department of Computer Science
Tel-Aviv University
Ramat Aviv, Tel-Aviv 69978, Israel
nachumd@cs.tau.ac.il

2 Enterprise Component Technology
162 36th "A" Cross
3rd Main, 7th Block
Jayanagar, Bangalore 560 082, India

Jeopardy? Isn't that a game show?
- Faye Kellerman, Prayers for the Dead



Abstract. We consider functions defined by ground-convergent left- 
linear rewrite systems. By restricting the depth of left sides and disal- 
lowing defined symbols at the top of right sides, we obtain an algorithm 
for function inversion. 

P. Narendran and M. Rusinowitch (Eds.): RTA'99, LNCS 1631, pp. 16^^| 1999.
© Springer-Verlag Berlin Heidelberg 1999

1 Motivation

It is thought that some ancient cultures employed a solar calendar with a fixed
year-length of 360 days and a simple scheme of 12 equal-length months. Imagine
a 0-based version of such a calendar. Given a date $(d, m, y)$ consisting of a year
number $y$, month number $m$ and day number $d$, it is trivial to calculate the
number of elapsed days since the onset of the calendar on date (0, 0, 0):

$$n(d, m, y) = 360 \times y + 30 \times m + d \qquad (1)$$

To facilitate conversion of dates between calendars (see
[Dershowitz and Reingold, 1997]), one also needs to compute the inverse
of $n$ to find the date $(d, m, y)$ corresponding to a given number of elapsed days
$N$. The appropriate function is not all that trivial:

$$n^{-1}(N) = (N \bmod 30,\ \lfloor (N \bmod 360)/30 \rfloor,\ \lfloor N/360 \rfloor) \qquad (2)$$

The ideal of logic programming suggests that one should only need to specify
the function $n$ and simply let the programming language do the "dirty work"
and solve for $(d, m, y)$, given any $N$. That is, we want the machine to determine
the appropriate question for a given answer, as in the popular game "Jeopardy".
Narrowing (or any other complete semantic-unification procedure), given a goal
$n(d, m, y) =^{?} 400$ (and some appropriate definitions of operations on natural
numbers) would yield the sought-after solution d = 10, m = 1, y = 1. Unfortunately,
it would also find numerous undesirable solutions, such as d = 40, m =
12, y = 0. Worse, unadulterated narrowing will continue forever seeking additional,
nonexistent solutions for y > 1. To eliminate the undesired "solutions",
one would have to add the missing parts of the specification in the form of
constraints:

$$n(d, m, y) =^{?} N, \qquad d < 30 =^{?} T, \qquad m < 12 =^{?} T$$

To preclude nontermination, one could add "failure-causing" rules:

$$s(x) =^{?} s(y) \to x =^{?} y$$
$$s(x) =^{?} 0 \to F \qquad (3)$$
$$0 =^{?} s(y) \to F$$

Applied eagerly (as suggested in [Dershowitz and Plaisted, 1988]), these rules 
prune unsatisfiable inversion goals. 

Thus, we are interested in the problem of solving sets of equations of the
form $t = N$, where $t$ is an arbitrary term containing defined function symbols,
constructors (that is, undefined function symbols and constants), and variables,
while $N$ is a value, by which we mean a term containing constructors only,
without defined symbols or variables. We will describe a broad class of functions
that can be inverted in this manner. Failure rules, like (3), which hold in general
for constructors in convergent systems, are built into the algorithm.

More generally, semantic matching is the process of generating a basis set 
of substitutions that, when applied to a “pattern” term, gives a term equal 
(in some theory) to a given “target” term. In other words, matching is the 
special ( “one-way” ) case of (semantic) unification in which one of the two terms 
to be unified is ground (variable-free). Matching algorithms are required for 
pattern application in functional languages and have potential uses in logic- 
based languages. For example, given the usual definitions for append and reverse 
on lists, it is natural to implicitly define a predicate for checking if a list is a 
palindrome in the following manner: 

palindrome(append(x, reverse(x))) = T
palindrome(append(x, a : reverse(x))) = T          (4)

To use such definitions within a functional pattern-directed language, it is
necessary to match patterns of the form append(x, reverse(x)) against values like
1 : 2 : 2 : 1 : ε. To perform such matches — which is not possible in current functional
languages — an inversion algorithm is required.

We restrict ourselves to equational theories that are presented as (rather 
typical) functional programs in the form of ground-convergent left-linear rewrite 
systems. Though for arbitrary linear systems, matching is unsolvable, by placing 
(not wholly unrealistic) syntactic restrictions on the sides of rules (left sides are 
restricted in depth and right sides may not have arbitrary defined symbols at the 
top), we can show termination of our inversion algorithm. We do not actually 
require sufficient completeness (only convergence), so some ground terms may 
have non-constructor normal forms. 
For calendar computation from scratch, we also need a program for (unary)
"natural arithmetic", such as

x + 0 → x                  s(x) < s(y) → x < y
x + s(y) → s(x + y)        0 < s(y) → T
x × 0 → 0                  0 < 0 → F
x × s(y) → (x × y) + x     s(x) < 0 → F

Though this program does not meet our criteria, it can be massaged into shape;
see Section H

On the other hand, the following (somewhat peculiar) ground-convergent
version (with standard abbreviating conventions) of multiplication does satisfy
the requirements we impose for invertibility:

x + 0 → x              x × 0 → 0
x + sy → s(x + y)      0 × x → 0                      (6)
                       sx × sy → s(x × sy + y)

Together with a definition of squaring:

x² → x × x          (7)

it allows us to compute square-roots by solving goals like $x^2 \to^{?}$

In Section 6 we give an algorithm for inversion when certain syntactic
conditions, enumerated in Section 5, are fulfilled. The algorithm, the correctness of
which is proved in Section 7, is based on the more generally valid goal
transformation rules of Section 4. From the theoretical point of view, we are interested in
probing the borderline between decidability and undecidability, so the necessity
of the conditions is also shown. Prior work is summarized in Section 3 and future
work is suggested in Section J. First some preliminaries.

2 Nomenclature

We use standard notation and terminology for concepts in rewriting.
In particular, $s \to^{!} t$ means that the (first-order)
term $s$ rewrites (in zero or more steps using the system under question)
to the normal-form (i.e. unrewritable term) $t$. For our purposes, any function
symbol or constant that appears at the root of a left side of a rule is defined,
while all others are constructors. A constructor term (or context) is composed
of constructors and variables; a ground constructor term (context) is a value
(context). A rule defining a symbol $f$ will be called an $f$-rule.

A system is left-linear if no variable appears more than once on the left side;
it is linear if no variable appears on either side more than once. The depth $\|t\|$ of
a term $t$ is the number of symbols in the longest path of its tree representation.
This means that constants and variables have depth 1. A variable is shallow in
a term if it does not appear below depth 1.
A matching (sub)goal takes the form $s \to^{?} t$, where $s$ and $t$ share no variables,
and has a solution $\sigma$, assigning terms to variables in $s$, if and only if $s\sigma \to^{!} t\tau$,
for some (ancillary) substitution $\tau$ of terms for variables in $t$. Clearly, if $t$ itself
is not in normal form, the goal has no solutions. There may of course be more
than one solution to a goal. We need not compute them all: We can ignore more
specific solutions than ones we do compute (e.g. $x \mapsto sz$ subsumes $x \mapsto sss0$);
we can ignore solutions that are not normalized, since they must be equal to
normal-form solutions (e.g. $x \mapsto 0 \times 2$ is covered by $x \mapsto 0$ for the theory of
multiplication).

In inversion problems $s =^{?} N$, the term $N$ is a (variable-free) value. If the
rewrite system $R$ is ground convergent, then an equation $s =^{?} N$ has a ground
solution $\gamma$ in the equational theory of $R$ if, and only if, $\gamma$ is equivalent to some
solution of the inversion goal $s \to^{?} N$. Hence, to find all solutions $\sigma$ to $s =^{?} N$,
one can look for a complete set of solutions to $s \to^{?} N$.

3 Background 

Any complete procedure for semantic matching with respect to an arbitrary 
theory cannot always terminate, even if the theory is presented as a finite, lin- 
ear, convergent system for two reasons: matchability for some such theories is 
undecidable [Heibrunner and Holldobler, 1987]; some have no finite set of most 
general unifiers [Fages and Huet, 1983]. 

Semantic unification in a theory supplied with a finite ground convergent 
(i.e. confluent for ground terms and terminating) rewrite system is known to be 
computable in the following special cases: 

— Every non-ground right side is a variable [Hullot, 1980]. 

— Every non-ground right side is a constructor term [Dershowitz et al., 1992]. 

— Every non-ground right side is a proper subterm of its left side 
[Narendran, Pfenning and Statman, 1997]. 

— Every non-ground right side is either a constructor term or a proper subterm 
of its left side [Mitra, 1994]. 

— Every right side is composed of constructors and proper subterms of its left 
side [Mitra, 1994]. 

— All variables are shallow on the left side [Christian, 1992]. 

— The system is linear and every variable that appears on both sides is shallow 
on both sides (convergence is unnecessary) [Nieuwenhuis, 1998]. 

— The system is linear and the right side of every $f$-rule is either a constructor
term or a proper subterm of the left side, except for at most one right side
that may be a value context with a single subterm (?(..., $r_i$, ...), where every
$r_i$ is either a variable or a value [Dershowitz and Mitra, 1992].

— The system is linear and the right side of every $f$-rule is a constructor term,
except for at most one right side that may be a constructor context with a
single subterm (?(..., $r_i$, ...), where every is either a variable or a value
[Mitra, 1994].
Only the last two special cases are powerful enough to capture even simple
recursive functions like addition.

Under the assumption of ground convergence, one need only consider innermost
computations, in which rules are always applied to terms whose proper
subterms are in normal form. For that reason, one need only compute normal-form
solutions; they are equivalent in the equational theory $R$ to all others.
For left-linear systems, semantic matching can be simpler than unification, since
we know the shape of the normal form of the instantiated pattern. In prior
work [Dershowitz et al., 1992], we showed decidability of semantic matching for
certain variable-preserving or left-linear ground convergent systems satisfying a
(noncomputable) semantic condition, called "decreasingness". Let $\lceil t \rceil$ represent
the depth (or other measure for which proper subterms are smaller than their
superterms) of the (unique) normal form of $t$ for a given system. The point is
that:

Theorem 1. For a ground convergent rewrite system, the normal-form solutions
$\sigma$ to an inversion goal $s \to^{?} N$ are bounded in depth, i.e. $\lceil x\sigma \rceil < \|N\|$, if
for all defined symbols $f$ and ground terms $\lceil f(\ldots, t, \ldots) \rceil > \lceil t \rceil$.

Proof. If $s\sigma \to^{!} N$, then $\lceil s\sigma \rceil = \lceil N \rceil$. Hence, $\|x\sigma\| = \lceil x\sigma \rceil < \lceil s\sigma \rceil = \lceil N \rceil$, since
$x\sigma$ is a normal form.

It follows that, for such systems, the (finite) set of (normal-form) solutions to
inversion goals can be computed in finite time. The problem is that the condition
precludes "erasing" rules that have a variable on the left that is not carried
over to the right side. To get around this obstacle, one can distinguish between
decreasing and non-decreasing defined symbols:

Theorem 2 ([Dershowitz et al., 1992]). The inversion problem is computable
for a left-linear ground convergent rewrite system if no right side has
a defined symbol at its root, nor a defined symbol that appears below a function
symbol $f$ that is "decreasing", in the sense that there are ground terms for which
$\lceil f(\ldots, t, \ldots) \rceil < \lceil t \rceil$.

In System Q, × and < are decreasing (e.g. $\lceil s^4 0 \times 0 \rceil = \lceil 0 \rceil = 1 < 5 = \lceil s^4 0 \rceil$),
but one rule has a defined symbol at the top right. Indeed, the goal $0 \times x \to^{?} 0$
has infinitely many solutions $s^n 0$, and there is no more general term $s^i y$ for
which $0 \times s^i y \to^{!} 0$. This is because $0 \times y = 0$ is only an inductive, but not an
equational, theorem of Q. For this reason, we need to use convoluted rules for
multiplication, as in Q.

4 Complete Inversion

For finite equational theories, satisfiability problems are recursively enumerable,
and general-purpose semantic-unification procedures have been extensively studied.
If we restrict ourselves to ground convergent rewrite systems that are left-linear,
then the following transformation rules constitute a complete procedure
for inversion of goals $s \to^{?} N$:

Decompose:  $f(s_1, \ldots, s_n) \to^{?} f(t_1, \ldots, t_n)$  becomes  $s_1 \to^{?} t_1, \ldots, s_n \to^{?} t_n$

Mutate:  $f(s_1, \ldots, s_n) \to^{?} t$  becomes  $s_1 \to^{?} l_1\rho, \ldots, s_n \to^{?} l_n\rho$,
where $\rho$ is a solution to $r \to^{?} t$ and $f(l_1, \ldots, l_n) \to r$ is a (renamed) rule in $R$

Eliminate:  $x \to^{?} t$  becomes  $x =^{?} t$,  where $x$ is a variable

Ignore:  $s \to^{?} x$  is deleted,  where $x$ is a variable

When Decompose and Mutate can both be applied to the same subgoal, both
alternatives must be explored. The rules are applied until all that remains is a
set of syntactic unification goals of the form $x_j =^{?} t_j$. Any solution to the latter
is a solution to the original goal. Variables in the left half of goals are never
instantiated, giving a "basic" strategy.

We need to show that this system of goal transformations has the following
properties:

Soundness. Given a goal $s \to^{?} t$, if the procedure produces a solution $\sigma$, then
$s\sigma \to^{!} t\tau$, for some substitution $\tau$.

Completeness. Given a goal $s \to^{?} t$, if $s\sigma \to^{!} t\tau$ for some $\sigma$ and $\tau$, the procedure
will produce a solution $\mu$ such that there is a substitution $\rho$ for which $R \models x\mu\rho = x\sigma$,
for each variable $x$ appearing in $s$.

Soundness should be clear except for the Ignore rule, for which we need the
following lemmata:

Lemma 1. For any left-linear rewrite system, if $s' \to^{?} t'$ is a current subgoal
and $x$ is a variable in $t'$, then the set of current subgoals contains only that one
occurrence of $x$.

Proof. In the right half of the initial goal $s \to^{?} N$, there are no variables. When
Decomposing $f(s_1, \ldots, s_n) \to^{?} f(t_1, \ldots, t_n)$, any variable that appeared once
on the right is now in only one $t_i$. When Mutating, first $r \to^{?} t$ is solved, at
which point the terms $l_i$ do not yet appear in any subgoal. Later, when solving
$s_i \to^{?} l_i\rho$, any variable $y$ in $l_i\rho$ is either from the rule, in which case it is alone,
since $R$ is left-linear, or it was introduced by $\rho$, in which case it derives from
eliminated goals $x_j =^{?} t_j$ and appeared alone in the $t_j$.

Lemma 2. If a variable $x$ only appears in the right half of a subgoal $s \to^{?} x$,
that subgoal may be deleted (by Ignore).

Proof. For each solution $\sigma$, the ancillary substitution $\tau$ includes $x \mapsto s\sigma$ to
satisfy the eliminated subgoal.




Were the system not left-linear, then there would be variables $y$ in the right
half of more than one goal. That would require an additional rule to transform
a goal $f(s_1, \ldots, s_n) \to^{?} y$ into $y =^{?} f(y_1, \ldots, y_n),\ s_1 \to^{?} y_1, \ldots, s_n \to^{?} y_n$, for
new variables $y_i$.

The proof of completeness is by induction on the number of steps in any
innermost normalizing derivation $s\sigma \to^{!} t\tau$, and, secondarily, on the depth of $s$.

1. If it has zero steps, then $s\sigma = t\tau$ and Decomposition and Eliminate will find
a solution at least as general as $\sigma$.

2. If $t$ is a variable, then Ignore generates the most general (trivial) solution.

3. If $s$ is a variable $x$ and $\sigma$ provides a normal form $N$ for it, then by confluence,
$N \to^{!} t$ only if $N$ is $t$, and Eliminate generates the right solution. If $x$ also
has a normal form (from a prior goal) looking like $u$, then $t$ and $u$ must unify.

4. Otherwise, Decomposition proceeds until a smaller subgoal that requires a
rewrite at the top arises. Consider such a derivation

$f(s_1, \ldots, s_n)\sigma \to^{*} f(l_1, \ldots, l_n)\rho \to r\rho \to^{!} t\tau$

Mutation does the trick by first finding (something at least as general as)
the substitution $\rho$ for $r \to^{?} t$; the solution $\sigma$ is then found from the $s_i \to^{?} l_i\rho$
subgoals.

5 Constructing Systems 

In the next section we will prove that the following syntactic requirements suffice 
for solvability of matching goals: 

(A) Each left side is of depth at most 3. 

(B) If a right side is a variable or constant, then the left side of that rule is of 
depth at most 2. 

(C) Whenever a right side is not a variable, it is headed by a constructor. 

A left-linear, ground convergent system satisfying these three conditions will 
be called a constructing system. Only condition (C) is severe in practice. 

Now we show that each of the above three restrictions is necessary: If
one drops the requirement of left-linearity, we get undecidability using a rule
$E(x, x) \to T$ to reduce an arbitrary unification problem $s =^{?} t$ to $E(s, t) \to^{?} T$.

In the remaining cases, we reduce unification in the theory of addition and
multiplication over natural numbers (which is undecidable per Hilbert's Tenth
Problem) to matching problems, for which we use the constructing rules in Q.

If one violates (C) and allows defined right-root symbols, we have the following
counterexample:

f0 → 0
E(0, 0) → 0                    (8)
E(sx, sy) → fE(x, y)

By induction it is easy to see that

$E(x, y) \to^{!} 0$ if and only if $x, y \to^{!} s^n 0$ for some $n$

Therefore, a goal of the form $E(t, u) \to^{?} 0$ would, in general, be unsolvable for
arbitrary terms $t$ and $u$ involving + and ×.

The following system illustrates the problem when a left side is of depth 3
and the right side of depth 1:

f0 → 0        E(0, 0) → s0
fs0 → 0       E(sx, sy) → sfE(x, y)

for which

$E(x, y) \to^{!} s0$ if and only if $x, y \to^{!} s^n 0$ for some $n$

Finally, we relax Condition (A) and allow depths greater than 2 below the
left root. Consider:

fsx → s0                  E(0, 0) → ss0
G(ss0, ssx) → sssx        E(sx, sy) → sfG(E(x, y), ss0)          (10)

Since fG(ss0, ss0) → fsss0 → s0,

$E(x, y) \to^{!} ss0$ if and only if $x, y \to^{!} s^n 0$ for some $n$

and matching is undecidable.



6 Computable Inversion 

We present in this section an algorithm for function inversion for any theory
presented by a constructing system $R$. For instance, the following is a constructing
system for inserting a number in its correct place in an ordered list, and therefore
it has a computable inverse:

min(x, 0) → 0                    max(x, 0) → x
min(0, x) → 0                    max(0, x) → x
min(sx, sy) → s(min(x, y))       max(sx, sy) → s(max(x, y))

insert(x, nil) → x : nil
insert(x, y : z) → min(x, y) : insert(max(x, y), z)

At each stage of the algorithm, we have a set of subgoals. We (don't care)
non-deterministically choose one, $s \to^{?} t$, and consider the following cases.

1. If $s$ and $t$ are identical, the subgoal may be removed.

2. If $t$ is a variable, just remove this subgoal.

3. Suppose $s$ is a variable $x$:

(a) If $x$ is already bound to a term $u$, then bind it instead to the most general
unification of $u$ and $t$.

(b) If $u$ and $t$ are not unifiable, fail.

(c) If $x$ is unbound but appears in $t$, fail.

(d) If $x$ does not appear in $t$, add the binding $x \mapsto t$.

4. If neither $s = f(s_1, \ldots, s_n)$ nor $t = g(t_1, \ldots, t_m)$ is a variable, try both of the
following:

(a) If $f = g$ (and $m = n$), replace the current goal with the multiset of goals
$s_1 \to^{?} t_1, \ldots, s_n \to^{?} t_n$.

(b) For each rule $f(l_1, \ldots, l_n) \to r$ in $R$ (with all its variables renamed apart
from those in the goal), do one of the following:

i. If $r$ and $t$ are identical, then replace the goal with subgoals
$s_1 \to^{?} l_1, \ldots, s_n \to^{?} l_n$.

ii. If $r$ is a variable $x$, then replace the goal with subgoals
$s_1 \to^{?} l_1\rho, \ldots, s_n \to^{?} l_n\rho$, where $\rho$ is $x \mapsto t$.

iii. If $r$ is headed by a constructor that is not $g$, fail this path.

iv. If $g$ is a constructor, first recursively solve the subgoals
$r_1 \to^{?} t_1, \ldots, r_m \to^{?} t_m$ in succession. For each solution $\rho$ to the variables of
these $m$ subgoals, solve the new subgoals $s_1 \to^{?} l_1\rho, \ldots, s_n \to^{?} l_n\rho$.
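The case analysis above, run on the addition and multiplication rules of (6), as an added example that is not the authors' code. Terms are encoded as tuples and variables as strings; `solve`, `invert`, `num`, `RULES` and this encoding are assumptions of the example, and cases 4(b)i and 4(b)iv share one branch because identical subgoals are then removed by step 1.

```python
import itertools

_fresh = itertools.count()   # supplies suffixes for renaming rule variables

RULES = [  # system (6); "x" and "y" are rule variables
    (("+", "x", ("0",)), "x"),
    (("+", "x", ("s", "y")), ("s", ("+", "x", "y"))),
    (("*", "x", ("0",)), ("0",)),
    (("*", ("0",), "x"), ("0",)),
    (("*", ("s", "x"), ("s", "y")), ("s", ("+", ("*", "x", ("s", "y")), "y"))),
]

def is_var(t):
    return isinstance(t, str)

def walk(t, sub):
    """Apply the substitution sub to term t until no bound variable remains."""
    if is_var(t):
        return walk(sub[t], sub) if t in sub else t
    return (t[0],) + tuple(walk(a, sub) for a in t[1:])

def occurs(x, t):
    return x == t if is_var(t) else any(occurs(x, a) for a in t[1:])

def unify(a, b, sub):
    """Syntactic unification; returns an extended substitution or None."""
    a, b = walk(a, sub), walk(b, sub)
    if a == b:
        return sub
    if is_var(a):
        return None if occurs(a, b) else {**sub, a: b}
    if is_var(b):
        return None if occurs(b, a) else {**sub, b: a}
    if a[0] != b[0] or len(a) != len(b):
        return None
    for x, y in zip(a[1:], b[1:]):
        sub = unify(x, y, sub)
        if sub is None:
            return None
    return sub

def rename(t, n):
    if is_var(t):
        return f"{t}_{n}"
    return (t[0],) + tuple(rename(a, n) for a in t[1:])

def solve(goals, sub, rules):
    """Yield every substitution that solves the ordered list of goals (s, t)."""
    if not goals:
        yield sub
        return
    (s, t), rest = goals[0], goals[1:]
    t = walk(t, sub)                      # right sides see earlier solutions
    if is_var(t) or s == t:               # steps 2 and 1: drop the subgoal
        yield from solve(rest, sub, rules)
    elif is_var(s):                       # step 3: bind, or unify with binding
        bound = unify(s, t, sub)
        if bound is not None:
            yield from solve(rest, bound, rules)
    else:
        if s[0] == t[0] and len(s) == len(t):           # step 4(a)
            yield from solve(list(zip(s[1:], t[1:])) + rest, sub, rules)
        for lhs, rhs in rules:                          # step 4(b)
            if lhs[0] != s[0] or len(lhs) != len(s):
                continue
            n = next(_fresh)
            lhs, rhs = rename(lhs, n), rename(rhs, n)
            args = list(zip(s[1:], lhs[1:]))
            if is_var(rhs):                             # 4(b)ii: rho = x -> t
                yield from solve(args + rest, {**sub, rhs: t}, rules)
            elif rhs[0] == t[0] and len(rhs) == len(t):  # 4(b)i and 4(b)iv
                yield from solve(list(zip(rhs[1:], t[1:])) + args + rest,
                                 sub, rules)
            # otherwise 4(b)iii: this path fails

def num(n):
    """The value s^n 0."""
    t = ("0",)
    for _ in range(n):
        t = ("s", t)
    return t

def invert(pattern, value, names, rules=RULES):
    """Distinct answers for the goal variables `names` of pattern ->? value."""
    return {tuple(walk(v, sub) for v in names)
            for sub in solve([(pattern, value)], {}, rules)}

if __name__ == "__main__":
    print(invert(("+", "X", "Y"), num(3), ("X", "Y")))   # all splits of 3
    print(invert(("*", "X", "X"), num(4), ("X",)))       # square root of 4
```

An answer in which a goal variable is left unbound, as for $0 \times X \to^{?} 0$, stands for every value of that variable.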

7 Correctness 

To prove the correctness of the above inversion algorithm, we need to establish 
its soundness, completeness, and termination. It goes without saying that it can 
be exponential in cost. 

Soundness will be easy, since each step of the algorithm is an application of 
one or more transformation rules of Section ^ For completeness, we need only 
check that every transformation that might lead to a solution is attempted by 
the algorithm. 

For termination, we will use the bag (multiset) extension of the lexicographic
measure $(\|t\|, \|s\|)$ of a subgoal $s \to^? t$. We will also need the following invariant,
which we show by computational induction:

For each mapping $x \mapsto u$ of a solution to a goal $s \to^? t$, we have $\|u\| < \|t\|$.

Indeed, it is because most general solutions are bounded in size that the inversion 
problem is decidable for constructing systems. 

Let the current goal $s \to^? t$ be called G. Let X signify the set of variables
and $\gamma$, the current partial solution. We use = for identity of terms.

Consider each step of the algorithm in turn: 

If s = t, remove G.

This is sound, since it is a composite of Decompose and Ignore and results 
in the trivial solution. There is no need to Mutate for completeness, since 
s must be normalized if t is. 



If $t \in X$, remove G.

This is just an application of Ignore and covers all its applicable cases.
It, too, results in the trivial solution.

If $s = x \in X$, but $s\gamma =^? t$ is unsatisfiable, fail.

In these cases, the syntactic goal $s =^? t$ will fail.

If $s = x \in X$ and $\mathit{mgu}(s\gamma, t)$ exists, remove G and replace $x \mapsto u$ in $\gamma$
with $\mathit{mgu}(u, t)$.

This is Eliminate combined with syntactic unification and covers the 
only successful case of Elimination. 

Since the most general unifier of linear terms with disjoint variables (see 
Lemma | is bounded in depth by the maximum of their depths, all 
substitutions satisfy the invariant. 

If $s = f(s_1, \ldots, s_n)$ and $t = f(\ldots, t_i, \ldots)$, replace G with subgoals $s_i \to^? t_i$,
$i = 1, \ldots, n$.



This is just Decompose and covers all cases needed for completeness that 
are not included in Step^ 

Termination follows from the fact that each subgoal is smaller, since
$\|t_i\| < \|t\|$. By induction all solutions are bounded by $\|t\| - 1$.



If $s = f(s_1, \ldots, s_n)$ and $f(\ldots, l_i, \ldots) \to t \in R$, replace G with subgoals
$s_i \to^? l_i$, $i = 1, \ldots, n$.



This is Mutate, when $r = t$, and the subgoal $r \to^? t$ is trivial, yielding
the identity substitution for $\rho$.

If r is a constant, then, by assumption (B), $\|l_i\| = 1 = \|r\| = \|t\|$ and
solutions are bounded by $\|t\|$. Since $\|s_i\| < \|s\|$, the subgoals are smaller.

If r is not a constant, then, by assumption (A), $\|l_i\| < 2 < \|r\| = \|t\|$.

If $s = f(s_1, \ldots, s_n)$, $f(\ldots, l_i, \ldots) \to x \in R$ and $x \in X$, replace G with
$s_i \to^? l_i\{x \mapsto t\}$, $i = 1, \ldots, n$.

This is Mutate for “collapsing” rules ($r \in X$).

By assumption (B), $l_i$ is either a constant or a variable (possibly x).
Thus, $\|l_i\{x \mapsto t\}\|$ is either 1 or $\|t\|$. In any case, the new subgoals are
smaller by virtue of their shallower left half $s_i$.

If $t = g(\ldots, t_j, \ldots)$ and $f(\ldots, l_i, \ldots) \to c(\ldots, r_k, \ldots) \in R$ has constructor $c \neq g$,
this choice path fails.



Mutation cannot succeed in this case, since c{. . . ,Vk, . . .)a 
g(. . . ,tj, . . .)t is impossible. 

If $s = f(s_1, \ldots, s_n)$, $t = c(t_1, \ldots, t_m)$, $f(\ldots, l_i, \ldots) \to c(\ldots, r_j, \ldots) \in R$,
and c is a constructor, solve the set $s_i \to^? l_i\rho$ ($i = 1, \ldots, n$), for each solution $\rho$
of the $r_j \to^? t_j$ ($j = 1, \ldots, m$).

This is the only remaining case for Mutate, since assumption (C) is that
the root of a non-variable right side is a constructor.

The $r_j \to^? t_j$ have shallower right halves, so the computation of $\rho$ terminates.

By assumption (A), $\|l_i\| < 2$ and $l_i$ can contribute at most 1 to the depth
$\|l_i\rho\|$. By induction, $\|x\rho\| < \|t_j\| < \|t\| - 1$, so $\|l_i\rho\| < \|t\|$, and the second
set of subgoals is smaller by virtue of their left halves. Also, their solution
is bounded by $\|t\|$.

8 Extensions 

A “symbolic definition” of the form

$$f(x_1, \ldots, x_n) \to e$$

which just defines a non-recursive function f that does not appear elsewhere (in
e or R), like the calendar rule Q for n or squaring rule $x^2 \to x \times x$ can
always be added to a decidable system, since those symbols can be immediately
eliminated from any goal containing them.

Theorem was refined in [Aguzzi and Modigliani, 1994] with a notion of 
“positional” increase. By using positional information, it is possible to handle 
certain systems that do not have leading constructors on the right-hand sides 
of rules. For example, the usual definition of $\times$ can be used instead of the three
multiplication rules in Q. With such an extension, we should be able to handle
insertion sort by adding $\mathit{sort}(e) \to e$ and $\mathit{sort}(x : y) \to \mathit{insert}(x, \mathit{sort}(y))$ to

Looking at our proof of the correctness of the algorithm, it should be clear 
that one can allow left sides of depth d > 3 for rules such that the normal form 
of the right side r has no path of length less than d -|- 1 . Checking normal forms 
of all instances is not a syntactic condition, but testing for ground reducibility 
is [Plaisted, 1985]. So we can replace Conditions (A) and (B) with the following: 

(*) For each rule $l \to r$, we have $|l| < i + 2$, where i is the length of the
shortest path from the root of r to a ground reducible position.

Since the ground-normal form of any term is of depth at least 1, this condition
guarantees that the subgoal $r \to^? t$ will result in variable bindings that are no
deeper than $\|t\| - d$.

Returning to the calendar, the rules for < needed to constrain the length of a
month and a year violate even this condition. The calendar code, however, does
not require solutions to arbitrary inequalities, only to inequalities of the form
$x < N$, for ground term N. These cannot be handled by tabulated functions,
with rules like $2 < 12 \to T$ (where 12 is just an abbreviation for $s^{12}0$), since the
left side would be too deep. Instead, we can rephrase a constraint $x < N \to^? T$
as $x < N \to^? T^N T$ and use:

$$\begin{array}{ll}
sx < sy \to T(x < y) & Lsx \to TLx \\
0 < sx \to TLx & L0 \to T
\end{array} \qquad (12)$$

in lieu of the rules for inequality in Q.

A more interesting situation is posed by months of unequal length, as in 
many archaic calendars having epagomenal days, which we treat as a thirteenth 
month of only five days (making for a 365-day year) . That requires the constraint 

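$$m < 13 \land d < 30 \land (m < 12 \lor d < 5)$$

for which we use the goals

$$m < 13 \to^? T^{13}T, \qquad d < 30 \to^? T^{30}T, \qquad (m < 12 \lor d < 5)$$

and compute disjunction as follows:

$$\begin{array}{ll}
Tx \lor y \to T(x \lor y) & T \lor y \to T \\
y \lor Tx \to T(x \lor y) & y \lor T \to T
\end{array} \qquad (13)$$

For example,

$$\begin{array}{rl}
12 < 12 \lor 4 < 5 & \to^* T^{12}(0 < 0) \lor T^{4}(0 < 1) \\
& \to T^{12}(0 < 0) \lor T^{5}L0 \to T^{12}(0 < 0) \lor T^{5}T \\
& \to^* T^{17}(0 < 0 \lor T) \to T^{17}T
\end{array}$$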



For non-left-linear systems, simple inversion goals of the form
$f(\ldots, c_i, \ldots) \to^? N$, where the $c_i$ are constructor terms, can be solved,
provided no right side has a defined symbol at its root, nor a defined symbol
that appears below a “decreasing” symbol [Mitra, 1994]. Syntactic criteria for
this case are also possible.

In [Dershowitz and Mitra, 1992], we considered systems with potentially in- 
finitely many solutions, which were captured as indexed terms, along the lines 
of [Comon, 1992]. (See Section^) Such an approach should work for some in- 
version problems with unbounded solutions. 

The following constructing system for differentiation illustrates some of the 
subtleties of inversion problems: 



$$\begin{array}{ll}
Dt \to s0 & D(x + y) \to Dx + Dy \\
D0 \to 0 & D(x \times y) \to x \times Dy + y \times Dx \\
Dsx \to Dx + 0
\end{array} \qquad (14)$$

The third rule has $+0$ to ensure that the right side is headed by the constructor $+$
(vis-a-vis this system, at least, it is a constructor). If we include our constructing
rules for $\times$, inverting the goal $Dz \to^? t + t$ yields the indefinite integral
$z \mapsto t \times t$, but, in the absence of simplifying rules for addition, we do not get more
general solutions. And one cannot add addition, without turning $+$ into a defined
function, at which point (14) would no longer be constructing.

Perhaps results (e.g. [Jacquemard, 1996]) on regularity of the normalizable 
terms, which have bearing on derivability, can help decide matching. 

Finally, our algorithm can serve as the basis of a program to compile a logic 
program for computing the inverse of a given functional program. 
Abstract. Stratego is a language for the specification of transformation
rules and strategies for applying them. The basic actions of transformations
are matching and building instantiations of first-order term patterns. The
language supports concise formulation of generic and data type-specific term
traversals. One of the unusual features of Stratego is the separation of scope
from matching, allowing sharing of variables through traversals. The
combination of first-order patterns with strategies forms an expressive
formalism for pattern matching. In this paper we discuss three examples of
strategic pattern matching: (1) Contextual rules allow matching and
replacement of a pattern at an arbitrary depth of a subterm of the root
pattern. (2) Recursive patterns can be used to characterize concisely the
structure of languages that form a restriction of a larger language.
(3) Overlays serve to hide the representation of a language in another (more
generic) language. These techniques are illustrated by means of specifications
in Stratego.



1 Introduction 

First-order terms are used to represent data structures in term rewriting systems, 
functional and logic programming languages. First-order patterns are used to 
decompose such terms by simultaneously recognizing a structure and binding 
variables to subterms, which would otherwise be expressed by nested conditional 
expressions that test tags and select subterms. However, first-order patterns are 
not treated as first-class citizens and their use poses limitations on modularity 
and reuse: no abstraction over patterns is provided because they may occur only 
in the left-hand side of a rewrite rule, the arms of a case, or the heads of clauses; 
pattern matching is at odds with abstract data types because it exposes the data 
representation; a first-order pattern can only span a fixed distance from the root 
of the pattern to its leafs, which makes it necessary to define recursive traversals 
of a data structure separately from the pattern to get all needed information. 

For these reasons, enhancements of the basic pattern matching features have
been implemented or considered for several languages. For example, list matching
in ASF+SDF is used to divide a list in multiple sublists possibly separated
by element patterns. Associative-commutative (AC) matching in OBJ, Maude
and ELAN supports the treatment of lists as multi-sets. Higher-order
matching in λProlog allows the matching of subterms at a variable depth.
Views for Haskell, as proposed in provide a way to view a data structure
using different patterns than are used to represent them. Each of these techniques
provides a mix of structure recognition, variable binding, term traversal, and
transformation. For instance, in list (AC, higher-order) matching a term is first
transformed by application of the associative and identity laws (associative and
commutative laws, βη-conversion) and then matched against the given pattern.
Matching a view pattern involves the transformation of the underlying data
structure to the view data type.

* This paper was written while the author was employed by the Pacific Software
Research Center, Oregon Graduate Institute, Portland, Oregon, USA. This work was
supported, in part, by the US Air Force Materiel Command under contract
F19628-93-C-0069.

P. Narendran and M. Rusinowitch (Eds.); RTA’99, LNCS 1631, pp. 30-^^ 1999.

This paper shows how the rewriting strategies paradigm provides a general
framework for describing and implementing such pattern matching combinations.
Rewriting strategies are programs that determine the order in
which rewriting rules are applied. One of the important aspects of strategies is
the definition of term traversals to find subterms to which rules can be applied.
Here the application of such traversals in the definition of patterns at the level
of individual rules is considered.

This paper explores strategic pattern matching in Stratego, a language
for the specification of program transformation systems. Stratego is a layer of
syntactic abstractions on top of System S, a core language for the definition of
rewriting strategies. The basic actions of System S are matching and building
instantiations of first-order term patterns. The language supports concise
formulation of generic and data type specific term traversals. One of the unusual
features of System S is the separation of scope from matching, allowing sharing
of variables through traversals. The combination of first-order patterns with
strategies forms an expressive formalism for pattern matching.

The next section gives a brief overview of System S and Stratego. The following
sections discuss three applications of strategic pattern matching illustrated
by means of specifications in Stratego: (1) Contextual rules allow matching and
replacement of a subterm at an arbitrary depth with respect to the root of a
pattern. Section 3 shows how contextual patterns are used in a concise
specification of a type checker. (2) Recursive patterns can be used as predicates to
characterize concisely the structure of languages that form a subset of a larger
language. Section 4 illustrates the idea by means of a characterization of
conjunctive and disjunctive normal forms as a restriction of propositional formulae.
Section 5 applies the same technique to characterize the embedding of AsFix,
the abstract syntax representation of ASF+SDF, into ATerms, a universal data
type. (3) Overlays are pseudo-constructors that abstract from an underlying
(complex) representation using real constructors. They can be used to overlay a
language on top of another more generic representation language. Section ^
defines overlays for AsFix to hide the details of its embedding in ATerms. Related
work is discussed in Section ^ and some conclusions are drawn in Section ^
2 Rewriting Strategies

This section introduces System S, a calculus for the definition of tree transfor- 
mations, and Stratego, a specification language providing syntactic abstractions 
for System S expressions. For an operational semantics see 



2.1 System S 

System S is a hierarchy of operators for expressing term transformations. The 
first level provides control constructs for sequential non-deterministic program- 
ming, the second level introduces combinators for term traversal and the third 
level defines operators for binding variables and for matching and building terms. 

First-order terms are expressions over the grammar 

t := x | C(t1,...,tn) | [t1,...,tn] | (t1,...,tn)

where x ranges over variables and C over constructors. The arity and types of
constructors are declared in signatures. The notation [t1,...,tn] abbreviates
the list Cons(t1,...,Cons(tn,Nil)). Transformations in System S are applied
to ground terms, i.e., terms without variables.

Level 1: Sequential Non-deterministic Programming. Strategies are programs that
attempt to transform ground terms into ground terms, at which they may succeed
or fail. In case of success the result of such an attempt is a transformed
term. In case of failure the result is an indication of the failure. Strategies can be
combined into new strategies by means of the following operators: The identity
strategy id leaves the subject term unchanged and always succeeds. The failure
strategy fail always fails. The sequential composition s1; s2 first attempts to
apply s1 to the subject term and, if that succeeds, applies s2 to the result. The
non-deterministic choice s1 + s2 attempts to apply either s1 or s2. It succeeds
if either succeeds and it fails if both fail; the order in which s1 and s2 are tried
is unspecified. The deterministic choice s1 <+ s2 attempts to apply either s1
or s2, in that order. The recursive closure rec x(s) attempts to apply s, where
at each occurrence of the variable x in s, the strategy rec x(s) is applied. The
test strategy test(s) tries to apply s. It succeeds if s succeeds, and reverts the
subject term to the original term. It fails if s fails. The negation not(s) succeeds
(with the identity transformation) if s fails and fails if s succeeds. Two examples
of strategies defined with these operators are try and repeat in Figure 1.

Level 2: Term Traversal. The Level 1 constructs apply transformations to the root
of a term. In order to apply transformations throughout a term it is necessary
to traverse it. For this purpose, System S provides the following operators: For
each n-ary constructor C the congruence operator C(s1,...,sn) is defined. It
applies to terms of the form C(t1,...,tn) and applies si to ti for 1 <= i <=
n. An example of the use of congruences is the operator map(s) in Figure 1 that
applies s to each element of a list.
module traversals
imports lists
strategies
  try(s)          = s <+ id
  repeat(s)       = rec x(try(s; x))
  map(s)          = rec x(Nil + Cons(s, x))
  list(s)         = rec x(Nil + Cons(s, x))
  topdown(s)      = rec x(s; all(x))
  bottomup(s)     = rec x(all(x); s)
  downup(s)       = rec x(s; all(x); s)
  downup2(s1, s2) = rec x(s1; all(x); s2)
  alltd(s)        = rec x(s <+ all(x))
  oncetd(s)       = rec x(s <+ one(x))
  sometd(s)       = rec x(s <+ some(x))
  onebu(s)        = rec x(one(x) <+ s)
  somebu(s)       = rec x(some(x) <+ s)

Fig. 1. Specification of several generic term traversal strategies.

Congruences can be used to define traversals over specific data structures.
Specification of generic traversals (e.g., pre- or post-order over arbitrary
structures) requires more generic operators. The operator all(s) applies s to all
children of a constructor application C(t1,...,tn). In particular, all(s) is the
identity on constants (constructor applications without children). The strategy
one(s) applies s to one child of a constructor application C(t1,...,tn); it is
precisely the failure strategy on constants. The strategy some(s) applies s to
some of the children of a constructor application C(t1,...,tn), i.e., to at least
one and as many as possible. Like one(s), some(s) fails on constants.

Figure 1 defines various traversals based on these operators. For instance,
oncetd(s) tries to find one application of s somewhere in the term starting at
the root working its way down; s <+ one(x) first attempts to apply s, if that
fails an application of s is (recursively) attempted at one of the children of the
subject term. If no application is found the traversal fails. Compare this to the
traversal alltd(s), which finds all outermost applications of s and never fails.

Level 3: Match, Build and Variable Binding. The operators introduced thus far
are useful for repeatedly applying transformation rules throughout a term.
Actual transformation rules are constructed by means of pattern matching and
building of pattern instantiations.

A match ?t succeeds if the pattern term t matches the subject term. As a
side-effect, any variables in t are bound to the corresponding subterms of the
subject term. If a variable was already bound before the match, then the binding
only succeeds if the terms are the same. This enables non-linear pattern matching,
so that a match such as ?F(x, x) succeeds only if the two arguments of F in
the subject term are equal. This non-linear behaviour can also arise across other
operations. For example, the two consecutive matches ?F(x, y); ?F(y, x) succeed
exactly when the two arguments of F are equal. Once a variable is bound
it cannot be unbound.

A build !t replaces the subject term with the instantiation of the pattern t
using the current bindings of terms to variables in t. A scope {x1,...,xn: s}
makes the variables xi local to the strategy s. This means that bindings to these
variables outside the scope are undone when entering the scope and are restored
after leaving it. The operation where(s) applies the strategy s to the subject
term. If successful, it restores the original subject term, keeping only the newly
obtained bindings to variables.

2.2 Stratego 

The specification language Stratego provides syntactic abstractions for System S 
expressions. A specification consists of a collection of modules that define signa- 
tures, transformation rules and strategy definitions. 

A signature declares the sorts and operations (constructors) that make up the
structure of the language(s) being transformed. An example signature is shown
in Figure 2. A strategy definition f(x1,...,xn) = s introduces a new strategy
operator f parameterized with strategies x1 through xn and with body s. Such
definitions cannot be recursive, i.e., they cannot refer (directly or indirectly) to
the operator being defined. All recursion must be expressed explicitly by means
of the recursion operator rec. Labeled transformation rules are abbreviations of
a particular form of strategy definitions. A conditional rule L : l -> r where s
with label L, left-hand side l, right-hand side r, and condition s denotes a
strategy definition L = {x1,...,xn: ?l; where(s); !r}. Here, the body of the
rule first matches the left-hand side, and then attempts to satisfy the condition
s. If that succeeds, then it builds the right-hand side r. The rule is enclosed in a
scope that makes all term variables xi occurring in l, s and r local to the rule. If
more than one definition is provided with the same name, e.g., f(xs) = s1 and
f(xs) = s2, this is equivalent to a single definition with the sum of the original
bodies as body, i.e., f(xs) = s1 + s2.

The following definitions provide a useful shorthand. The notation <s> t
denotes !t; s, i.e., the strategy that builds the term t and then applies s to
it. The notation s => t denotes s; ?t, i.e., the strategy that applies s to the
current subject term and then matches the result against t. The combined
notation <s> t => t' thus denotes (!t; s); ?t'. The <s> t notation can also be
used in a build expression. For example, the strategy expression !F(<s> t, t')
corresponds to {x: <s> t => x; !F(x,t')}, where x is a new variable.

This paper is about three programming idioms and the syntactic abstractions 
to support them. Recursive patterns are an idiom that is directly supported by 
Stratego as introduced above. The syntax of Stratego has been extended for 
contexts and overlays to provide more concise syntax for these idioms. However, 
these syntax extensions are implemented without extending System S. 

2.3 Implementation 

The Stratego compiler translates a specification to a C program that reads a
term, applies the specified transformation to it, and, if successful, outputs the
transformed term. The compiler first translates a specification to a System S
expression, which is then translated to a list of abstract machine instructions.
The instructions are implemented in C. The run-time system is based on the
ATerm library. The compiler is implemented in Stratego itself.
module pico-syntax
imports list-basic
signature
  sorts Program Decl Stat Expr Type Id
  operations
    Block   : List(Decl) * Stat -> Program
    Decl    : Id * Type -> Decl
    Natural : Type
    String  : Type
    Skip    : Stat
    Assign  : Id * Expr -> Stat
    Seq     : Stat * Stat -> Stat
    If      : Expr * Stat * Stat -> Stat
    While   : Expr * Stat -> Stat
    Plus    : Expr * Expr -> Expr
    Minus   : Expr * Expr -> Expr
    Conc    : Expr * Expr -> Expr
    Var     : Id -> Expr
    Int     : Int -> Expr
    Str     : String -> Expr
    Id      : String -> Id

Fig. 2. Abstract syntax of Pico.



3 Contexts 

This section describes contextual patterns, i.e., patterns that relate some bit of
information from the root pattern to a subterm at variable depth. This is
illustrated by the specification of a type checker for the toy language Pico. Heering
gives a concise specification of such a typechecker using a combination of
second-order matching to relate variable declarations and their occurrences in a
program and an abstract interpretation style of type checking.

Pico is a small imperative while-language. It has expressions ranging over
natural number and string values and the usual statement combinators. A program
consists of a block, which contains a list of variable declarations and a
statement. Variable declarations associate a type (Natural or String) with a
variable identifier. The abstract syntax of Pico is defined in Figure 2.

A program is statically correct if variables are used consistently with their 
declarations. Conventionally, type checkers are defined as a predicate that tra- 
verses the program carrying the declarations and checking the correctness of 
expressions and statements. In the abstract interpretation style of ^3 first all 
variable occurrences are replaced by their types (using an injection Tp of types 
into identifiers), then consistent combinations of such typed expressions and 
statements are reduced to simpler forms. For example, let variables "a" and
"b" have type String, the expression Conc(Var(Id("a")),Var(Id("b"))) is
first transformed into Conc(Var(Tp(String)),Var(Tp(String))), which then
reduces to Var(Tp(String)). If the program is correct it will reduce to a block
with a skip statement. However, if the program contains type errors, residuals 
of this error will remain in the result of the type checking procedure and point 
to the offending parts of the program. For example, the program 

Block([Decl(Id("a"), Natural), Decl(Id("b"), String)],
      While(Var(Id("a")), Assign(Id("b"), Plus(Var(Id("a")), Var(Id("a"))))))

reduces to

Block([Decl(Id("a"), Natural), Decl(Id("b"), String)],
      Assign(Tp(String), Var(Tp(Natural))))

making clear that the assignment statement is not type correct.

module pico-typecheck
imports pico-syntax traversals
signature
  operations
    Tp : Type -> Id
rules
  InlTp : Block(ds[Decl(Id(x), t)], s[Id(x)]) -> Block(ds, s[Tp(t)])
  IntTp : Int(n) -> Var(Tp(Natural))
  StrTp : Str(s) -> Var(Tp(String))
  Check : Seq(Skip, s) -> s
  Check : Seq(s, Skip) -> s
  Check : Assign(Tp(t), Var(Tp(t))) -> Skip
  Check : If(Var(Tp(Natural)), s1, s2) -> Seq(s1, s2)
  Check : While(Var(Tp(Natural)), s1) -> s1
  Check : Plus(Var(Tp(Natural)), Var(Tp(Natural))) -> Var(Tp(Natural))
  Check : Minus(Var(Tp(Natural)), Var(Tp(Natural))) -> Var(Tp(Natural))
  Check : Conc(Var(Tp(String)), Var(Tp(String))) -> Var(Tp(String))
strategies
  typecheck = downup2(repeat(InlTp + IntTp + StrTp), repeat(Check))

Fig. 3. Type checking rules and strategy for Pico.

A specification of this approach is shown in Figure 3. The typecheck strategy
declares a downup2 traversal over the program. On the way down identifiers
and constants are replaced by their types by means of rules InlTp, IntTp
and StrTp. On the way up well-typed expressions and statements are reduced
to simpler forms by the Check rules. Distribution of type information over a
program is achieved by means of the contextual rule InlTp. The sub-pattern
ds[Decl(Id(x), t)] is a context that matches one instance of the pattern
Decl(Id(x), t) as a subterm of the ds argument of the Block pattern. The
sub-patterns s[Id(x)] in the left-hand side and s[Tp(t)] in the right-hand
side form a context that replaces one occurrence of Id(x) somewhere in the
statements by Tp(t), where x and t are determined by the match in the ds
context.

Contextual rules are implemented by translation to primitive constructs. A
context x[t], occurring on the left-hand side only, corresponds to a traversal over
the term matching x trying to find a match of the pattern t. A context x[l]
in the left-hand side and x[r] in the right-hand side corresponds to a traversal
over the term matching x that replaces an occurrence of l by the corresponding
instantiation of r. Thus, a first attempt at implementation of rule InlTp is:

InlTp : Block(ds, s) -> Block(ds, s')
  where <oncetd(?Decl(Id(x), t))> ds;
        <oncetd(?Id(x); !Tp(t))> s => s'
The first clause in the condition makes a traversal over the declarations finding a
declaration. The second clause traverses the statements replacing an occurrence 
of the identifier in the declaration by its type. 

However, this does not achieve the desired effect. If the first traversal finds 
a declaration for which there are no (more) occurrences of the identifier in the 
statements, then the second traversal will fail, even if there are other declarations 
for which it would succeed. In other words the first traversal needs to backtrack 
to find other declarations if the second traversal fails. This is achieved by inlining 
the second traversal in the first, as follows: 

InlTp : Block(ds, s) -> Block(ds, s')
  where <oncetd(?Decl(Id(x), t);
                where(<oncetd(?Id(x); !Tp(t))> s => s'))> ds

The where clause of this rule computes a new value s'. The outer traversal walks
over the declarations. When a declaration for an identifier Id(x) is found the
inner traversal walks over the statements and replaces one occurrence of Id(x)
with its type Tp(t) from the declaration. If no occurrence of the identifier is
found in the statements the outer loop continues to search for another
declaration. If no declaration and matching identifier occurrence in the statements can
be found, the rule fails.
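The difference between the two versions of InlTp, as an added example in Python that is not part of the paper or of Stratego: terms are modelled as tuples and failure as None, and the names lst, use_site, is_node, the backtrack flag and the sample programs are assumptions of this sketch. With backtrack=False the rule commits to the first declaration, as in the first attempt; with backtrack=True a declaration without a remaining use fails and the outer traversal moves on.

```python
# Terms are tuples (constructor, child, ...); strings and ints are leaves.
def lst(*xs):
    """Build the list term Cons(x1, ..., Cons(xn, Nil))."""
    out = ("Nil",)
    for x in reversed(xs):
        out = ("Cons", x, out)
    return out

SKIP = ("Skip",)
NAT = ("Var", ("Tp", ("Natural",)))
STR = ("Var", ("Tp", ("String",)))

def oncetd(rule, term):
    """oncetd(s): apply rule at the first position, top-down, where it succeeds."""
    out = rule(term)
    if out is not None:
        return out
    if isinstance(term, tuple):
        for i in range(1, len(term)):
            kid = oncetd(rule, term[i])
            if kid is not None:
                return term[:i] + (kid,) + term[i + 1:]
    return None

def use_site(ident, ty):
    """?Id(x); !Tp(t), with x and t already bound by a declaration."""
    return lambda t: ("Tp", ty) if t == ident else None

def is_node(t, name):
    return isinstance(t, tuple) and t[0] == name

def inltp(block, backtrack=True):
    """Rule InlTp; backtrack=False reproduces the first attempt from the text."""
    if not is_node(block, "Block"):
        return None
    _, ds, s = block
    result = []
    def decl(t):
        if not is_node(t, "Decl"):
            return None
        s2 = oncetd(use_site(t[1], t[2]), s)      # inner traversal over s
        result.append(s2)
        # First attempt: any declaration matches.  Final rule: only one with a use.
        return t if (s2 is not None or not backtrack) else None
    if oncetd(decl, ds) is None or result[-1] is None:
        return None
    return ("Block", ds, result[-1])

def const_tp(t):                                  # rules IntTp and StrTp
    if is_node(t, "Int"):
        return NAT
    return STR if is_node(t, "Str") else None

def check(t):                                     # the Check rules of Figure 3
    if not isinstance(t, tuple):
        return None
    head, a = t[0], t[1:]
    if head == "Seq" and SKIP in a:
        return a[1] if a[0] == SKIP else a[0]
    if head == "Assign" and is_node(a[0], "Tp") and a[1] == ("Var", a[0]):
        return SKIP
    if head == "If" and a[0] == NAT:
        return ("Seq", a[1], a[2])
    if head == "While" and a[0] == NAT:
        return a[1]
    if head in ("Plus", "Minus") and a == (NAT, NAT):
        return NAT
    if head == "Conc" and a == (STR, STR):
        return STR
    return None

def repeat(rule, term):
    while (nxt := rule(term)) is not None:
        term = nxt
    return term

def downup2(down, up, term):                      # rec x(s1; all(x); s2)
    term = down(term)
    if isinstance(term, tuple):
        term = (term[0],) + tuple(downup2(down, up, k) for k in term[1:])
    return up(term)

def typecheck(term, backtrack=True):
    down = lambda t: repeat(lambda u: inltp(u, backtrack) or const_tp(u), t)
    return downup2(down, lambda t: repeat(check, t), term)

# Constructed inputs: the program from the text, and a block whose first
# declaration is never used.
DECLS = lst(("Decl", ("Id", "a"), ("Natural",)), ("Decl", ("Id", "b"), ("String",)))
PROGRAM = ("Block", DECLS,
           ("While", ("Var", ("Id", "a")),
            ("Assign", ("Id", "b"),
             ("Plus", ("Var", ("Id", "a")), ("Var", ("Id", "a"))))))
UNUSED = ("Block",
          lst(("Decl", ("Id", "u"), ("Natural",)), ("Decl", ("Id", "b"), ("String",))),
          ("Assign", ("Id", "b"), ("Str", "hi")))
```

On PROGRAM the backtracking rule leaves the residual Assign(Tp(String), Var(Tp(Natural))) shown in the text, while the first attempt stops once "a" is exhausted and never inlines the type of "b".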

4 Recursive Patterns 

This section treats recursive patterns, i.e., patterns that describe recursive struc- 
ture as opposed to the fixed structure described by first-order patterns. The 
idiom of recursive patterns is illustrated by the specification of language restric- 
tions. Recursive patterns are also useful tools in program analysis. 

A signature generates a language of terms. A language restriction is a subset 
of a language. Restrictions are not always syntactic, i.e., do not correspond to 
the language generated by a subsignature, but can require constructs only to 
be used in certain combinations. Examples of language restrictions abound in 
language processing: (1) The set of normal forms with respect to a set of rewrite 
rules is a restriction. The rewrite rules give an operational method for obtaining 
the normal form of a term, but they do not describe the structure of the nor- 
mal forms. (2) A core language reflects the computational kernel of a language. 
Again, the transformation that translates a program in the complete language 
to a core language program does not define the structure of core language pro- 
grams. (3) The intermediate languages produced by the stages of a compiler are 
often restrictions of a common language. Subsequent stages introduce lower-level 
features. The combination of all constructs might not form a valid language. (4) 
Languages embedded in a generic representation format. The generic format 
allows a wide range of expressions, only a few of those are expressions in the 
embedded language. 

Language restrictions are often dealt with informally. A component of a language
processor assumes its input to be in a certain form that is not defined anywhere.
Descriptions of language restrictions separate from the transformations
that produce them are useful for documentation (what restriction is consumed
or produced by this language processor) and validation (check that the input or
output of a processor conforms to the restriction). Strategies support the concise
description of language restrictions by means of recursive patterns. A recursive
pattern is a strategy that describes the structure of a set of terms by means of
recursion and congruences. This technique is illustrated by two examples:
disjunctive and conjunctive normal forms of propositional formulae and, in the next
section, the embedding of AsFix in ATerms.

module prop
signature
  sorts Prop
  operations
    Atom : String -> Prop        And : Prop * Prop -> Prop
    Not  : Prop -> Prop          Or  : Prop * Prop -> Prop
strategies
  conj(s) = rec x(And(x, x) <+ s)
  disj(s) = rec x(Or(x, x) <+ s)
  conj-nf = conj(disj(Atom(id) + Not(Atom(id))))
  disj-nf = disj(conj(Atom(id) + Not(Atom(id))))

Fig. 4. Characterization of conjunctive and disjunctive normal forms.

As a first example, consider a language of propositional formulae constructed 
from atoms (proposition letters) with negation, conjunction and disjunction. The 
signature describing the abstract syntax of this language is shown in Figure 4. 

A formula is in conjunctive normal form if it is a conjunction of disjunctions 
of atoms or negated atoms. Likewise, a formula is in disjunctive normal form 
if it is a disjunction of conjunctions of atoms or negated atoms. These 
restrictions can be characterized concisely by means of the recursive patterns in 
Figure 4. Given some strategy s that characterizes formulae in some form, the 
strategy rec x(And(x, x) <+ s) describes conjunctions of the form 
And(And(..., ...), And(..., ...)) with leaves of the form s. Thus, the operators 
conj(s) and disj(s) describe conjuncts and disjuncts of s’s, respectively. Hence, 
the combination conj(disj(s)) describes conjuncts of disjuncts of s’s. Unfolding 
the definition of conj and disj in conj-nf gives: 

conj-nf = rec x(And(x, x) + rec y(Or(y, y) + Not(Atom(id)) + Atom(id))) 

So conj-nf and disj-nf describe conjunctive and disjunctive normal forms, 
respectively. 
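
The recursive patterns of Figure 4 can be executed by modelling a strategy as a function that either returns a term or fails, which is also how such a pattern serves as an input validator. The following Python code is an added example, not code from the paper or from Stratego; the tuple encoding of terms and the names Fail, ident, choice, congruence, rec and conforms are assumptions, and both + and <+ are modelled as left-biased choice.

```python
# Terms are tuples (constructor, arg1, ..., argn); atom names are plain strings.
# A strategy maps a term to a term and raises Fail when it does not apply.

class Fail(Exception):
    """Raised when a strategy does not apply to a term."""

def ident(t):
    """The strategy `id`: succeeds on every term."""
    return t

def choice(s1, s2):
    """s1 <+ s2: try s1 and fall back to s2 when s1 fails."""
    def run(t):
        try:
            return s1(t)
        except Fail:
            return s2(t)
    return run

def congruence(name, *arg_strategies):
    """C(s1, ..., sn): applies to C(t1, ..., tn) when every si succeeds on ti."""
    def run(t):
        well_formed = (isinstance(t, tuple) and len(t) > 0 and t[0] == name
                       and len(t) - 1 == len(arg_strategies))
        if not well_formed:
            raise Fail
        return (name,) + tuple(s(a) for s, a in zip(arg_strategies, t[1:]))
    return run

def rec(body):
    """rec x(s): `body` receives the recursive strategy itself as x."""
    def x(t):
        return body(x)(t)
    return x

def conj(s):
    return rec(lambda x: choice(congruence("And", x, x), s))

def disj(s):
    return rec(lambda x: choice(congruence("Or", x, x), s))

# Atom(id) + Not(Atom(id))
literal = choice(congruence("Atom", ident),
                 congruence("Not", congruence("Atom", ident)))
conj_nf = conj(disj(literal))
disj_nf = disj(conj(literal))

def conforms(strategy, term):
    """Validation use of a recursive pattern: does the term satisfy it?"""
    try:
        strategy(term)
        return True
    except Fail:
        return False

# Constructed sample formulae.
A, B, C = ("Atom", "a"), ("Atom", "b"), ("Atom", "c")
CNF_ONLY = ("And", ("Or", A, ("Not", B)), C)      # (a or not b) and c
DNF_ONLY = ("Or", ("And", A, B), ("Not", C))      # (a and b) or not c
NEITHER = ("Not", ("And", A, B))                  # negation above a conjunction
MALFORMED = ("And", A)                            # wrong arity for And

if __name__ == "__main__":
    for term in (CNF_ONLY, DNF_ONLY, NEITHER, MALFORMED):
        print(term, conforms(conj_nf, term), conforms(disj_nf, term))
```
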

5 Overlays 

This section introduces overlay patterns, i.e., patterns composed with pseudo- 
constructors that abstract from a concrete representation with real constructors. 
Overlays are first-class citizens in the sense that all operations that apply to 
normal constructors, i.e., matching, building and congruence, apply to overlays 
as well. Furthermore, overlays can be defined in terms of other overlays, allowing 
a hierarchy of abstractions. The technique is illustrated by the definition of 
overlays for the representation of AsFix constructs in ATerms. These are applied 
in another example of recursive patterns to describe the restriction of ATerms 
to AsFix expressions. 

5.1 ATerms and AsFix 

The Annotated Term Format or ATerms is a universal data type designed 
for representing data types in a generic manner for the purpose of data exchange, 
generic manipulation and persistent storage of data. Figure 5 gives the signature 
of ATerms. An ATerm is either an application (Appl) of an AFun to a list of terms, 
or a list (AList) of terms. An AFun is either an integer (Int), quoted string (Str) 
or an unquoted symbol (Sym). For example, the ATerm 

Appl(Sym("And"), [Appl(Sym("Atom"), [Appl(Str("a"), [])]), 
                  Appl(Sym("Atom"), [Appl(Str("b"), [])])]) 

is an encoding of the propositional formula And(Atom("a"), Atom("b")). 

AsFix is the abstract syntax for the algebraic specification formalism 
ASF+SDF. It is used as the intermediate representation for language processors 
such as a term rewriting compiler and a pretty-printer generator. The AsFix 
representation of a specification consists of a signature and a list of conditional 
equations over typed first-order terms. Here only unconditional equations over 
first-order terms are considered. 

One of the characteristics of AsFix is its encoding of syntactic information. 
In ASF+SDF constructors are defined by means of a context-free production 
that declares its mix-fix syntax and the sorts of its arguments. In AsFix both 
the sort information and the syntactic information is retained. For example, the 
production E "+" E -> E is represented by the AsFix expression 

Prod([Sort("E"), Lit("+"), Sort("E")], Sort("E")) 

Productions p of this form are used as the constructor ‘names’ in applications 
of the form App(p, [a1, ..., an]). Below a precise definition of AsFix is given. 

AsFix expressions can be represented as ATerms. For instance, the production 
above is represented by the ATerm 

Appl(Sym("Prod"), [AList([Appl(Sym("Sort"), [Appl(Str("E"), [])]), 
                          Appl(Sym("Lit"), [Appl(Str("+"), [])]), 
                          Appl(Sym("Sort"), [Appl(Str("E"), [])])]), 
                   Appl(Sym("Sort"), [Appl(Str("E"), [])])]) 

This representation allows easy exchange, persistency and generic manipulation 
of AsFix expressions. However, the representation has two problems: (1) Since 
the ATerm format is a universal datatype, not every ATerm is a valid AsFix 
expression. (2) Since the ATerm format is bulky, specifying operations on AsFix 
using pattern matching on the ATerm representation is rather tedious. The first 
problem is solved by defining a recursive pattern that characterizes the ATerms 
that are valid AsFix expressions. This recursive pattern can be used to validate 
input to language processors. The second problem is solved by defining overlays 
that abstract from the concrete ATerm representation of AsFix expressions, while 
still maintaining that representation under the hood. 

module aterms 
signature 
  sorts AFun ATerm 
  operations 
    Int   : Int -> AFun 
    Str   : String -> AFun 
    Sym   : String -> AFun 
    Appl  : AFun * List(ATerm) -> ATerm 
    AList : List(ATerm) -> ATerm 

Fig. 5. ATerm signature. 

5.2 Overlays for AsFix 

Overlays are abstractions of term patterns. An overlay definition 
C(x1, ..., xn) = pat introduces a new constructor C with n arguments that is an 
abbreviation of the pattern pat. This new constructor can be used in all places 
where the pattern pat can be used, i.e., in match patterns, build patterns and 
congruences. An expression ?t (!t) with an occurrence of C(t1, ..., tn) denotes 
the expression ?t’ (!t’), where t’ is obtained by replacing C(t1, ..., tn) by 
pat[t1/x1, ..., tn/xn] in t. A congruence expression C(s1, ..., sn) denotes 
the instantiation of the congruence derived from the pattern t, with the 
strategies si substituted for the variables xi. 

Figure 6 defines overlays for the constructs of AsFix. For example, the overlay 

Prod(as, r) = Appl(Sym("Prod"), [AList(as), r]) 

defines an abstraction for the ATerm pattern encoding an AsFix production. 
Using these overlays the complicated ATerm above can be written as 

Prod([Sort("E"), Lit("+"), Sort("E")], Sort("E")) 

Overlays can now be used in the recursive pattern that characterizes the 
restriction of ATerms to AsFix. The patterns asfix-... in Figure 6 describe 
the syntactic categories of AsFix expressions using the congruences derived from 
the overlays, i.e., expressions such as Lit(string) and App(asfix-prod, list(x)). 
The pattern asfix-prod defines a production as a Prod with a list 
of asfix-sorts as first argument and an asfix-sort as second argument. The 
pattern asfix-term defines an AsFix term as a literal, a typed variable, or an 
application of a production to a list of terms. The pattern asfix-equ defines an 
equation as an Equation with a non-variable term as left-hand side and a term 
as right-hand side. 

The recursive patterns only describe ‘raw’ AsFix expressions and do not 
check that the argument sorts in the Prod of an application correspond to the 
sorts of the actual arguments of the application. To test this a typechecker in an 
abstract interpretation style similar to that of the Pico typechecker in Section | 
is defined in Figure 6. Only now there is no need to distribute type information, 
since terms are already annotated with their types. 

module asfix 
imports aterms traversals strings 
overlays 
  Sort(n)        = Appl(Sym("Sort"), [Appl(Str(n), [])]) 
  Lit(l)         = Appl(Sym("Lit"), [Appl(Str(l), [])]) 
  Prod(as, r)    = Appl(Sym("Prod"), [AList(as), r]) 
  App(p, as)     = Appl(Sym("App"), [p, AList(as)]) 
  Var(s, n)      = Appl(Sym("Var"), [s, n]) 
  Equation(l, r) = Appl(Sym("Equation"), [l, r]) 
strategies 
  asfix-sort = Sort(string) + Lit(string) 
  asfix-prod = Prod(list(asfix-sort), asfix-sort) 
  asfix-term = rec x(Lit(string) + 
                     Var(asfix-sort, string) + 
                     App(asfix-prod, list(x))) 
  asfix-equ  = Equation(asfix-term; not(Var(id, id)), asfix-term) 
  asfix-eqs  = list(asfix-equ) 
rules 
  Check1 : Var(x, _) -> x 
  Check2 : App(Prod(args, res), args) -> res 
  Check3 : Equation(srt, srt) -> Equation(srt, srt) 
strategies 
  typecheck-term = rec x(Lit(id) + Check1 + App(id, list(x)); Check2) 
  typecheck-eqs  = list(Equation(typecheck-term, typecheck-term); Check3) 

Fig. 6. AsFix: overlays, recursive pattern and type checker. 

The process of defining overlays to hide the underlying representation can 
be repeated, e.g., to define on top of the AsFix abstractions another layer to 
describe patterns for a specific instantiation of AsFix terms. For instance, take 
the SDF productions E "+" E -> E and E "*" E -> E. The following overlays 
define shorthands for AsFix terms using these productions: 

overlays 
  BinexpOp(o)     = Prod([Sort("E"), Lit(o), Sort("E")], Sort("E")) 
  Binexp(l, o, r) = App(BinexpOp(o), [l, Lit(o), r]) 
  Plus(l, r)      = Binexp(l, "+", r) 
  Mul(l, r)       = Binexp(l, "*", r) 

These overlays allow the ‘domain-specific’ transformation rule 

Distr : Mul(x, Plus(y, z)) -> Plus(Mul(x, y), Mul(x, z)) 

Although this rule is written at the level of the embedded language of expressions, 
it is applied at the level of the underlying ATerm representation. 
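
How a rule written with overlays ends up matching and building raw ATerms can be seen by treating each overlay as an abbreviation that expands to an ATerm pattern. The following Python code is an added example, not code from the paper or from Stratego; the tuple encoding of ATerms, the pattern-variable class V, the helpers pmatch, pbuild, apply_rule and e_var, and the "*" literal used for Mul are assumptions.

```python
class V:
    """A pattern variable; a pattern is an ATerm that may contain V objects."""
    def __init__(self, name):
        self.name = name

# ATerm constructors of Fig. 5 as tuples; argument lists are Python lists.
def Appl(fun, args): return ("Appl", fun, args)
def AList(ts):       return ("AList", ts)
def Sym(s):          return ("Sym", s)
def Str(s):          return ("Str", s)

# Overlays: each call expands to the ATerm pattern it abbreviates.
def Sort(n):         return Appl(Sym("Sort"), [Appl(Str(n), [])])
def Lit(l):          return Appl(Sym("Lit"), [Appl(Str(l), [])])
def Prod(as_, r):    return Appl(Sym("Prod"), [AList(as_), r])
def App(p, as_):     return Appl(Sym("App"), [p, AList(as_)])
def Var(s, n):       return Appl(Sym("Var"), [s, n])
def BinexpOp(o):     return Prod([Sort("E"), Lit(o), Sort("E")], Sort("E"))
def Binexp(l, o, r): return App(BinexpOp(o), [l, Lit(o), r])   # o occurs twice
def Plus(l, r):      return Binexp(l, "+", r)
def Mul(l, r):       return Binexp(l, "*", r)   # "*" is an assumed literal

def pmatch(pat, term, env):
    """Match a pattern against an ATerm; return extended bindings or None."""
    if isinstance(pat, V):
        if pat.name in env:                      # non-linear: must agree
            return env if env[pat.name] == term else None
        return {**env, pat.name: term}
    if isinstance(pat, (tuple, list)):
        if type(pat) is not type(term) or len(pat) != len(term):
            return None
        for p, t in zip(pat, term):
            env = pmatch(p, t, env)
            if env is None:
                return None
        return env
    return env if pat == term else None

def pbuild(pat, env):
    """Instantiate a pattern with bindings, producing an ATerm."""
    if isinstance(pat, V):
        return env[pat.name]
    if isinstance(pat, tuple):
        return tuple(pbuild(p, env) for p in pat)
    if isinstance(pat, list):
        return [pbuild(p, env) for p in pat]
    return pat

def apply_rule(lhs, rhs, term):
    """Apply lhs -> rhs at the root of term; None when lhs does not match."""
    env = pmatch(lhs, term, {})
    return None if env is None else pbuild(rhs, env)

# Distr : Mul(x, Plus(y, z)) -> Plus(Mul(x, y), Mul(x, z))
DISTR_LHS = Mul(V("x"), Plus(V("y"), V("z")))
DISTR_RHS = Plus(Mul(V("x"), V("y")), Mul(V("x"), V("z")))

def e_var(name):
    """Constructed sample leaf: an AsFix variable of sort E."""
    return Var(Sort("E"), Appl(Str(name), []))

if __name__ == "__main__":
    a, b, c = e_var("a"), e_var("b"), e_var("c")
    print(apply_rule(DISTR_LHS, DISTR_RHS, Mul(a, Plus(b, c))))
```

The last overlay parameter check matters for validation: because o occurs twice in Binexp, an ATerm whose production names one operator and whose argument list carries another is rejected by the match rather than silently accepted.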
6 Related Work 

Programmable rewriting strategies originate in theorem proving tactics and were 
first introduced in rewriting in the specification language ELAN. In the 
algebraic specification formalism Maude strategies can be defined by the user 
as meta-level specifications. System S and Stratego were developed in 
(sequential non-deterministic programming and generic term traversal) and 
(breaking down rewrite rules in matching and building term patterns). ELAN 
supports congruences and recursive equations, which should support definition of 
recursive patterns. Overlays and contexts are not supported either by ELAN or 
by Maude. See for more details on the relation between these languages. 

A wide range of languages introduce enhanced pattern matching features. A 
brief and necessarily incomplete overview follows: 

The transformation languages Dora and XXL are examples of 
languages with some ad-hoc combinations of traversal and pattern matching. 

Context patterns can be implemented by means of higher-order matching in 
λProlog 13. A higher-order pattern F(t) instantiates the function variable F 
such that application to t yields the term that is matched. Heering gives 
an example of second-order matching that we discussed in Section J Mohnen’s 
context patterns for Haskell are similar to higher-order matching in λProlog. 
Sellink and Verhoef show how list matching can be used to implement 
shallow contexts (that can find statements in a list of statements, but at a fixed 
nesting depth) used for transforming COBOL programs. Stratego contexts 
provide the additional possibility of specifying the traversal to be used. This implies 
that restrictions on the structure of the context can be imposed and that more 
than one replacement can be done. 

Aiken and Murphy describe a language of regular tree expressions for 
program analysis. Their language is very similar to the recursive patterns in this 
paper, but is restricted to recognition only. 

An overlay is an abbreviation for three abstractions: a match abstraction, 
a build abstraction and a congruence abstraction. The pattern templates for 
SML of Aitken and Reppy define two abstractions: a match abstraction and 
a build abstraction. Congruences are not supported in SML. Another difference 
with templates is that templates need to be linear. In a definition C(x) = t, the 
variable x can occur only once in t. Overlays do not need to be linear. 

A view type in Wadler’s proposal for views in Haskell presents an al- 
ternative view to a representation data type by means of a pair of conversion 
functions that translate between the representation type and the view type. 
Views are more general than overlays and templates, in that they allow rear- 
rangement of the underlying pattern. However, this added expressivity turns 
into a disadvantage if one considers pattern matching. Overlays are abstractions 
that do not result in a loss of efficiency, while views can require an arbitrary 
transformation. View-like transformations are of course expressible in Stratego. 
Thompson’s lawful types for Miranda are similar to views. 

Another problem with general views is that they can destroy equational 
reasoning. Several proposals repair this by only allowing views in match 
expressions and not in build expressions. Values in the underlying data 
representation should be constructed by means of functions. Erwig’s active patterns 
could be considered as functions that inspect and transform their argument and 
then bind subterms to variables or fail. Fahndrich and Boyland syntactically 
restrict the patterns used in pattern abstractions such that pattern matching 
becomes statically checkable. 

7 Conclusions 

This paper presented three examples of strategic pattern matching: contexts, 
recursive patterns and overlays. These idioms provide concise specification of 
expressive patterns that enhance standard first-order patterns. Their definition 
follows naturally from the features of System S; for some of the techniques new 
syntactic abstractions were added to Stratego, but no new System S constructs 
were needed. The key features that enable this expressivity are: (1) ability to 
abstract over pattern matching (where abstraction over building is a common 
feature of many languages), and (2) the separation of variable scope and match- 
ing, which enables the communication of variable bindings over other operations, 
and (3) generic term traversals through all, some and one. 

The techniques described in this paper have been applied in the specification 
of the (bootstrapped) Stratego compiler, in an optimizer for RML, and 
in a specification of the warm fusion transformation for functional programs. 
Future work includes: the application of these techniques in other program 
transformations; the development of more abstractions for concise specification 
of program transformations; and the optimization of strategies, in particular 
traversal fusion, which is important for the optimization of contextual rules. 

Acknowledgements The author thanks Andrew Tolmach, Patty Johann and the 
referees for comments on drafts of this paper. 
Abstract. We present a modular proof of the strong normalisation of 
intuitionistic logic with permutation-conversions. This proof is based on 
the notions of negative translation and CPS-simulation. 



1 Introduction 

Natural deduction systems provide a notion of proof that is more compact (or, 
quoting Girard more primitive) than that of sequent calculi. In particu- 
lar, natural deduction is better adapted to the study of proof-normalisation 
procedures. This is true, at least, for the intuitionistic systems, where proof- 
normalisation expresses the computational content of the logic. Nevertheless, 
even in the intuitionistic case, the treatments of disjunction and existential 
quantification are problematic. This is due to the fact that the elimination rules 
of these connectives introduce arbitrary formulas as their conclusions. 
Consequently, in order to satisfy the subformula property, the so-called 
permutation-conversions are needed. 

Strong normalisation proofs for intuitionistic logic are more intricate 
in the presence of permutation-conversions. For instance, the proofs given in 
textbooks such as | and do not take permutation-conversions into account. 
In this paper, we revisit this problem and present a simple proof of the strong 
normalisation of intuitionistic logic with permutation-conversions. This proof, 
which is inspired by a similar proof in Q, has several advantages: 

— It is modular and, therefore, easily adaptable to other systems. Indeed, 
the problem related to the interaction between permutation- and detour- 
conversions is avoided (see Lemma^J in Section^. 

— It is based on a continuation-passing-style interpretation of intuitionistic 
logic, which sheds light on the computational content of the several con- 
version rules. In particular, it shows that the computational content of 
permutation-conversions is nil. 

^ In H, extending the proof to permutation-conversions is left to the reader while 
in the technique that is used is not adapted to the case of permutation- 

conversions. 
— It is based on an arithmetisable translation of intuitionistic logic into the 
simply typed λ-calculus. Consequently, when combined with an arithmetisable 
proof of strong normalisation of the simply typed λ-calculus (see for 
instance), it yields a completely arithmetisable proof of the strong 
normalisation of intuitionistic logic. This must be contrasted with the proof in , 
which is based on an interpretation into higher-order Heyting arithmetic. 

The paper is organised as follows. 

Section 2 is an introduction to the proof-theory of intuitionistic positive 
propositional logic (IPPL). In particular, we define the notions of detour- and 
permutation-conversions by means of an associated λ-calculus Our 
presentation is essentially inspired by 

In Section 3, we establish the strong normalisation of IPPL with respect 
to permutation-conversions. The proof consists simply in assigning a norm to 
the untyped terms of $\lambda^{\to\wedge\vee}$, and showing that this norm strictly decreases by 
permutation conversion. 

Section 4 provides a negative translation of IPPL into the implicative 
fragment of intuitionistic logic. At the level of the proofs, this negative translation 
corresponds to a CPS-simulation of $\lambda^{\to\wedge\vee}$ into the simply typed λ-calculus. We 
show that this CPS-simulation (slightly modified) commutes with the relations 
of detour-conversion and β-reduction, from which we conclude that is 
strongly normalisable with respect to detour-conversions. 

In Section 5, we collect the results of the two previous sections in order to 
show that $\lambda^{\to\wedge\vee}$ is strongly normalisable with respect to detour- and 
permutation-conversions mixed together. To this end, we show that the modified 
CPS-translation of Section 4 interprets the relation of permutation-conversion as 
equality. This means that we have found a negative translation commuting with 
the permutation-conversions, answering a problem raised by Mints 

Our proof may be easily adapted to full intuitionistic propositional calculus 
(by adding negation), and to first-order intuitionistic logic (by adding quanti- 
fiers). We do not present this extension here, for the lack of space. 

2 Intuitionistic Positive Propositional Logic 
2.1 Natural Deduction 

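The formulas of intuitionistic positive propositional logic (IPPL) are built up 
from an alphabet of atomic propositions $\mathcal{A}$ and the connectives →, ∧, and ∨ 
according to the following grammar: 

\[ \mathcal{F} ::= \mathcal{A} \mid \mathcal{F}\to\mathcal{F} \mid \mathcal{F}\wedge\mathcal{F} \mid \mathcal{F}\vee\mathcal{F} \]

Following Gentzen, the meaning of the connectives is specified by the 
introduction and elimination rules of the following natural deduction system (where 
a bracketed formula corresponds to a hypothesis that may be discarded when 
applying the rule). 

\[
\dfrac{\begin{array}{c}[\alpha]\\ \beta\end{array}}{\alpha\to\beta}
\qquad
\dfrac{\alpha\to\beta \quad \alpha}{\beta}
\]
\[
\dfrac{\alpha \quad \beta}{\alpha\wedge\beta}
\qquad
\dfrac{\alpha\wedge\beta}{\alpha}
\qquad
\dfrac{\alpha\wedge\beta}{\beta}
\]
\[
\dfrac{\alpha}{\alpha\vee\beta}
\qquad
\dfrac{\beta}{\alpha\vee\beta}
\qquad
\dfrac{\alpha\vee\beta \quad \begin{array}{c}[\alpha]\\ \gamma\end{array} \quad \begin{array}{c}[\beta]\\ \gamma\end{array}}{\gamma}
\]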

As observed by Prawitz an introduction immediately followed by an 
elimination corresponds to a detour that can be (locally) eliminated. Consider, 
for instance, the case of implication: 

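\[
\dfrac{\dfrac{\begin{array}{c}[\alpha]\\ \vdots\ \Pi_1\\ \beta\end{array}}{\alpha\to\beta}\ \text{(Intro.)} \qquad \begin{array}{c}\vdots\ \Pi_2\\ \alpha\end{array}}{\beta}\ \text{(Elim.)}
\]

$\Pi_1$ is a proof of $\beta$ under the hypothesis $\alpha$. On the other hand, $\Pi_2$ is a proof 
of $\alpha$. Consequently, one may obtain a direct proof of $\beta$ by grafting $\Pi_2$ at every 
place where $\alpha$ occurs in $\Pi_1$ as a hypothesis discarded by Rule (Elim.): 

\[
\begin{array}{c}\vdots\ \Pi_2\\ \alpha\\ \vdots\ \Pi_1\\ \beta\end{array}
\]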

When such local reduction steps allow any proof to be transformed into a proof 
without detour, one says that the given natural deduction system satisfies the 
normalisation property. Moreover, when this property holds independently of the 
strategy that is used in applying the reduction steps, one says that the system 
satisfies the strong normalisation property. 



2.2 Natural Deduction as a Term Calculus 

As is well known, there exists a correspondence between natural deduction 
systems and typed λ-calculi, namely, the Curry-Howard isomorphism. This 
correspondence, which is described in the table below, allows natural deduction 
proofs to be denoted by terms. 
Natural deduction        λ-calculus 
propositions             types 
connectives              type constructors 
proofs                   terms 
introduction rules       term constructors 
elimination rules        term destructors 
active hypothesis        free variables 
discarded hypothesis     bound variables 



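In the case of IPPL, the corresponding term calculus is the simply typed 
λ-calculus with product and coproduct, which we will call In particular, 
introduction and elimination rules for conjunction correspond to pairing and 
projection functions, while introduction and elimination rules for disjunction 
correspond to injection and case analysis functions. The syntax is described by 
the following grammar, where $\mathcal{X}$ is a set of variables: 

\[ \mathcal{T} ::= \mathcal{X} \mid \lambda\mathcal{X}.\mathcal{T} \mid (\mathcal{T}\,\mathcal{T}) \mid \mathbf{p}(\mathcal{T},\mathcal{T}) \mid \mathbf{p}_1\mathcal{T} \mid \mathbf{p}_2\mathcal{T} \mid \mathbf{k}_1\mathcal{T} \mid \mathbf{k}_2\mathcal{T} \mid \mathbf{D}_{\mathcal{X},\mathcal{X}}(\mathcal{T},\mathcal{T},\mathcal{T}) \]

and the typing rules are as follows: 

\[
\dfrac{\begin{array}{c}[x:\alpha]\\ M:\beta\end{array}}{\lambda x.M : \alpha\to\beta}
\qquad
\dfrac{M:\alpha\to\beta \quad N:\alpha}{M\,N:\beta}
\]
\[
\dfrac{M:\alpha \quad N:\beta}{\mathbf{p}(M,N):\alpha\wedge\beta}
\qquad
\dfrac{M:\alpha\wedge\beta}{\mathbf{p}_1 M:\alpha}
\qquad
\dfrac{M:\alpha\wedge\beta}{\mathbf{p}_2 M:\beta}
\]
\[
\dfrac{M:\alpha}{\mathbf{k}_1 M:\alpha\vee\beta}
\qquad
\dfrac{M:\beta}{\mathbf{k}_2 M:\alpha\vee\beta}
\qquad
\dfrac{M:\alpha\vee\beta \quad \begin{array}{c}[x:\alpha]\\ N:\gamma\end{array} \quad \begin{array}{c}[y:\beta]\\ O:\gamma\end{array}}{\mathbf{D}_{x,y}(M,N,O):\gamma}
\]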



2.3 Detour-Conversion Rules 

The Curry-Howard isomorphism is not only a simple matter of notation. Its 
deep meaning lies in the relation existing between proof normalisation and 
λ-term evaluation. Indeed an introduction immediately followed by an elimination 
corresponds to a term destructor applied to a term constructor. Consequently, 
Prawitz’s detour elimination steps amount to evaluation steps. For instance, the 
detour elimination step for implication corresponds exactly to the familiar notion 
of β-reduction: 

\[
\dfrac{\dfrac{\begin{array}{c}[x:\alpha]\\ \vdots\ \Pi_1\\ M:\beta\end{array}}{\lambda x.M:\alpha\to\beta} \qquad \begin{array}{c}\vdots\ \Pi_2\\ N:\alpha\end{array}}{(\lambda x.M)\,N:\beta}
\qquad\longrightarrow\qquad
\begin{array}{c}\vdots\ \Pi_2\\ N:\alpha\\ \vdots\ \Pi_1\\ M[x:=N]:\beta\end{array}
\]
It is therefore possible to specify the detour elimination steps as simple 
rewriting rules between λ-terms. Following these rules are called 
detour-conversion rules. We use to denote the corresponding one-step reduction 
relation between λ-terms and, following we use and to denote, 
respectively, the transitive closure and the transitive, reflexive closure of “$\to_D$”. 

Definition 1. (Detour-conversions) 

1. $(\lambda x.M)\,N \to_D M[x:=N]$ 

2. $\mathbf{p}_1\,\mathbf{p}(M,N) \to_D M$ 

3. 

4. $\mathbf{D}_{x,y}(\mathbf{k}_1 M, N, O) \to_D N[x:=M]$ 

5. $\mathbf{D}_{x,y}(\mathbf{k}_2 M, N, O) \to_D O[y:=M]$ ■ 

It must be clear that the Curry-Howard isomorphism allows one to reduce 
proof normalisation problems to λ-term normalisation problems. In particular, 
the strong normalisation of intuitionistic implicative logic corresponds to the 
strong normalisation of the simply typed λ-calculus (which is, by the way, 
the only normalisation result we assume in this paper). There is, however, a 
slight difference that must be stressed. The grammar given in Section 2.2 
defines untyped λ-terms, some of which do not correspond to natural deduction 
proofs. Consequently, the question whether the untyped λ-terms satisfy some 
normalisation property has no direct equivalent in the logical setting. 



2.4 Permutation-Conversion Rules 



In the disjunction free fragment of IPPL, the normal proofs (i.e., the proofs 
without detour) satisfy the subformula property. This means that if $\Pi$ is a 
normal proof of a formula $\alpha$ under a set of hypotheses $\Gamma$, then each formula 
occurring in $\Pi$ is a subformula of a formula in $\Gamma \cup \{\alpha\}$. In the presence of 
disjunction, the detour-conversions of Definition 1 are no longer sufficient to 
guarantee the subformula property. Consider the following example: 



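\[
\dfrac{\dfrac{\alpha\vee\beta \qquad \dfrac{\begin{array}{c}[\alpha,\gamma]\\ \vdots\ \Pi_1\\ \delta\end{array}}{\gamma\to\delta}\ \text{(Intro.)} \qquad \dfrac{\begin{array}{c}[\beta,\gamma]\\ \vdots\ \Pi_2\\ \delta\end{array}}{\gamma\to\delta}\ \text{(Intro.)}}{\gamma\to\delta} \qquad \begin{array}{c}\vdots\ \Pi_3\\ \gamma\end{array}}{\delta}\ \text{(Elim.)}
\]

A priori there is no reason why $\gamma$ and $\gamma\to\delta$ would be subformulas of $\delta$ or 
of any hypothesis from which $\delta$ is derived. This is due to the fact that there 
are introduction rules followed by an elimination rule. Indeed, one would like to 
reduce the above example as follows: 

\[
\dfrac{\alpha\vee\beta \qquad \begin{array}{c}\vdots\ \Pi_3\\ {[\alpha]}\quad\gamma\\ \vdots\ \Pi_1\\ \delta\end{array} \qquad \begin{array}{c}\vdots\ \Pi_3\\ {[\beta]}\quad\gamma\\ \vdots\ \Pi_2\\ \delta\end{array}}{\delta}
\]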



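However, such a reduction is not possible by applying only the detour-conversion 
rules of Definition 1 because, in the above example, the elimination rule does not 
immediately follow the introduction rules. For this reason, some other conversion 
rules are needed, the so-called permutation-conversions. For instance, to reduce 
the above example, we need the following rule: 

\[
\dfrac{\dfrac{\alpha\vee\beta \quad \begin{array}{c}[\alpha]\\ \vdots\\ \gamma\to\delta\end{array} \quad \begin{array}{c}[\beta]\\ \vdots\\ \gamma\to\delta\end{array}}{\gamma\to\delta} \qquad \begin{array}{c}\vdots\ \Pi\\ \gamma\end{array}}{\delta}
\qquad\longrightarrow\qquad
\dfrac{\alpha\vee\beta \quad \dfrac{\begin{array}{c}[\alpha]\\ \vdots\\ \gamma\to\delta\end{array} \quad \begin{array}{c}\vdots\ \Pi\\ \gamma\end{array}}{\delta} \quad \dfrac{\begin{array}{c}[\beta]\\ \vdots\\ \gamma\to\delta\end{array} \quad \begin{array}{c}\vdots\ \Pi\\ \gamma\end{array}}{\delta}}{\delta}
\]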

The above conversion, which concerns the implication elimination rule, obeys a 
general scheme: 

[a] [P] [a] [P] 

a\J P 7 7 

(Elim.) 



aV P 



(Elim.) 



(Elim.) 



All the permutation-conversions may be obtained, from the above scheme, by 
replacing Rule (Elim.) by the different elimination rules of IPPL. Of course, 
it is also possible to express these permutation-conversions as rewriting rules 
between A-terms. This is achieved in the following definition. 



Definition 2. (Permutation-conversions) 



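\[
\begin{aligned}
\mathbf{D}_{x,y}(M,N,O)\,P &\to_P \mathbf{D}_{x,y}(M,\ N\,P,\ O\,P)\\
\mathbf{p}_1\,\mathbf{D}_{x,y}(M,N,O) &\to_P \mathbf{D}_{x,y}(M,\ \mathbf{p}_1 N,\ \mathbf{p}_1 O)\\
\mathbf{p}_2\,\mathbf{D}_{x,y}(M,N,O) &\to_P \mathbf{D}_{x,y}(M,\ \mathbf{p}_2 N,\ \mathbf{p}_2 O)\\
\mathbf{D}_{u,v}(\mathbf{D}_{x,y}(M,N,O),P,Q) &\to_P \mathbf{D}_{x,y}(M,\ \mathbf{D}_{u,v}(N,P,Q),\ \mathbf{D}_{u,v}(O,P,Q))
\end{aligned}
\]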



We are now in a position to state precisely the question addressed by the 
present paper: how can we give a modular proof of the strong normalisation 
of IPPL with respect to both the detour- and permutation-conversions? or, 
equivalently, how can we prove that the typed λ-terms of Section 2.2 satisfy the 
strong normalisation property with respect to the reduction relation induced by 
the union of the rewriting systems of Definitions 1 and 2? 



On the Strong Normalisation of Natural Deduction 






3 Strong Normalisation of Permutation-Conversions 

In this section, we establish the strong normalisation of with respect to 
permutation-conversions. The proof consists simply in assigning a norm to the 
λ-terms and then in proving that this norm (which we call the permutation 
degree) is decreasing under the reduction relation $\to_P$. 

Definition 3. (Permutation degree) 

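1. $|x| = 1$ 

2. $|\lambda x.M| = |M|$ 

3. $|M\,N| = |M| + \#M \times |N|$ 

4. $|\mathbf{p}(M,N)| = |M| + |N|$ 

5. $|\mathbf{p}_1 M| = |M| + \#M$ 

6. $|\mathbf{p}_2 M| = |M| + \#M$ 

7. $|\mathbf{k}_1 M| = |M|$ 

8. $|\mathbf{k}_2 M| = |M|$ 

9. $|\mathbf{D}_{x,y}(M,N,O)| = |M| + \#M \times (|N| + |O|)$ 
where: 

10. $\#x = 1$ 

11. $\#\lambda x.M = 1$ 

12. $\#M\,N = \#M$ 

13. $\#\mathbf{p}(M,N) = 1$ 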

14 . = 

15. $\#\mathbf{p}_2 M = \#M$ 

16. $\#\mathbf{k}_1 M = 1$ 

17. $\#\mathbf{k}_2 M = 1$ 

18. $\#\mathbf{D}_{x,y}(M,N,O) = 2 \times \#M \times (\#N + \#O)$ ■ 

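Lemma 4. Let $M$ and $N$ be two λ-terms of $\lambda^{\to\wedge\vee}$ such that $M \to_P N$. Then 
$\#M = \#N$. 

Proof. Let $C[\,]$ be any context, i.e., a λ-term with a hole. It is straightforward 
that $\#C[M] = \#C[N]$ whenever $\#M = \#N$. Hence it remains to show that $\#$ 
is invariant under each rewriting rule of Definition 2. 

\[
\begin{aligned}
\#\mathbf{D}_{x,y}(M,N,O)\,P
 &= \#\mathbf{D}_{x,y}(M,N,O)\\
 &= 2 \times \#M \times (\#N + \#O)\\
 &= 2 \times \#M \times (\#N\,P + \#O\,P)\\
 &= \#\mathbf{D}_{x,y}(M,\ N\,P,\ O\,P)
\end{aligned}
\]
\[
\begin{aligned}
\#\mathbf{p}_i\,\mathbf{D}_{x,y}(M,N,O)
 &= \#\mathbf{D}_{x,y}(M,N,O)\\
 &= 2 \times \#M \times (\#N + \#O)\\
 &= 2 \times \#M \times (\#\mathbf{p}_i N + \#\mathbf{p}_i O)\\
 &= \#\mathbf{D}_{x,y}(M,\ \mathbf{p}_i N,\ \mathbf{p}_i O)
\end{aligned}
\]
\[
\begin{aligned}
\#\mathbf{D}_{u,v}(\mathbf{D}_{x,y}(M,N,O),P,Q)
 &= 2 \times \#\mathbf{D}_{x,y}(M,N,O) \times (\#P + \#Q)\\
 &= 4 \times \#M \times (\#N + \#O) \times (\#P + \#Q)\\
 &= 2 \times \#M \times (2 \times \#N \times (\#P + \#Q) + 2 \times \#O \times (\#P + \#Q))\\
 &= 2 \times \#M \times (\#\mathbf{D}_{u,v}(N,P,Q) + \#\mathbf{D}_{u,v}(O,P,Q))\\
 &= \#\mathbf{D}_{x,y}(M,\ \mathbf{D}_{u,v}(N,P,Q),\ \mathbf{D}_{u,v}(O,P,Q))
\end{aligned}
\]

□ 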



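Lemma 5. Let $M$ and $N$ be two λ-terms of such that $M \to_P N$. Then 
$|M| > |N|$. 

Proof. The proof is similar to that of the previous lemma. We show that the 
permutation degree is strictly decreasing under the rewriting rules of Definition 2. 

\[
\begin{aligned}
|\mathbf{D}_{x,y}(M,N,O)\,P|
 &= |\mathbf{D}_{x,y}(M,N,O)| + \#\mathbf{D}_{x,y}(M,N,O) \times |P|\\
 &= |M| + \#M \times (|N| + |O|) + 2 \times \#M \times (\#N + \#O) \times |P|\\
 &> |M| + \#M \times (|N| + |O|) + \#M \times (\#N + \#O) \times |P|\\
 &= |M| + \#M \times (|N| + \#N \times |P| + |O| + \#O \times |P|)\\
 &= |M| + \#M \times (|N\,P| + |O\,P|)\\
 &= |\mathbf{D}_{x,y}(M,\ N\,P,\ O\,P)|
\end{aligned}
\]
\[
\begin{aligned}
|\mathbf{p}_i\,\mathbf{D}_{x,y}(M,N,O)|
 &= |\mathbf{D}_{x,y}(M,N,O)| + \#\mathbf{D}_{x,y}(M,N,O)\\
 &= |M| + \#M \times (|N| + |O|) + 2 \times \#M \times (\#N + \#O)\\
 &> |M| + \#M \times (|N| + |O|) + \#M \times (\#N + \#O)\\
 &= |M| + \#M \times (|N| + \#N + |O| + \#O)\\
 &= |M| + \#M \times (|\mathbf{p}_i N| + |\mathbf{p}_i O|)\\
 &= |\mathbf{D}_{x,y}(M,\ \mathbf{p}_i N,\ \mathbf{p}_i O)|
\end{aligned}
\]
\[
\begin{aligned}
|\mathbf{D}_{u,v}(\mathbf{D}_{x,y}(M,N,O),P,Q)|
 &= |\mathbf{D}_{x,y}(M,N,O)| + \#\mathbf{D}_{x,y}(M,N,O) \times (|P| + |Q|)\\
 &= |M| + \#M \times (|N| + |O|) + 2 \times \#M \times (\#N + \#O) \times (|P| + |Q|)\\
 &> |M| + \#M \times (|N| + |O|) + \#M \times (\#N + \#O) \times (|P| + |Q|)\\
 &= |M| + \#M \times (|N| + \#N \times (|P| + |Q|) + |O| + \#O \times (|P| + |Q|))\\
 &= |M| + \#M \times (|\mathbf{D}_{u,v}(N,P,Q)| + |\mathbf{D}_{u,v}(O,P,Q)|)\\
 &= |\mathbf{D}_{x,y}(M,\ \mathbf{D}_{u,v}(N,P,Q),\ \mathbf{D}_{u,v}(O,P,Q))|
\end{aligned}
\]

□ 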

We immediately obtain the expected strong normalisation result from the 
above lemma. 

Proposition 6. is strongly normalisable with respect to 
permutation-conversions. □ 

Remark that this proposition also holds for the untyped terms. This fact 
confirms that the permutation-conversions do not have a real computational 
meaning. The fact that they are needed to obtain the subformula property may 
be seen as a defect of the syntax. 
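
Definitions 2 and 3 can be run on concrete terms to watch Lemmas 4 and 5 hold step by step. The following Python code is an added example, not part of the paper; the tuple encoding of terms and the names weight (for #), degree (for the permutation degree), permute_root, step and normalise are assumptions, clause 14 is taken to be symmetric to clause 15, and bound variables are assumed to be named apart so that no capture occurs.

```python
# Terms as tuples (encoding assumed for this example):
#   ("var", x)  ("lam", x, M)  ("app", M, N)  ("pair", M, N)
#   ("p1", M)  ("p2", M)  ("k1", M)  ("k2", M)  ("case", x, y, M, N, O)
# where ("case", x, y, M, N, O) stands for D_{x,y}(M, N, O).

def weight(t):
    """#t, clauses 10-18 of Definition 3 (p1 treated like p2)."""
    tag = t[0]
    if tag in ("var", "lam", "pair", "k1", "k2"):
        return 1
    if tag in ("app", "p1", "p2"):
        return weight(t[1])
    if tag == "case":
        _, _, _, m, n, o = t
        return 2 * weight(m) * (weight(n) + weight(o))
    raise ValueError(f"unknown term {t!r}")

def degree(t):
    """Permutation degree |t|, clauses 1-9 of Definition 3."""
    tag = t[0]
    if tag == "var":
        return 1
    if tag == "lam":
        return degree(t[2])
    if tag == "app":
        return degree(t[1]) + weight(t[1]) * degree(t[2])
    if tag == "pair":
        return degree(t[1]) + degree(t[2])
    if tag in ("p1", "p2"):
        return degree(t[1]) + weight(t[1])
    if tag in ("k1", "k2"):
        return degree(t[1])
    if tag == "case":
        _, _, _, m, n, o = t
        return degree(m) + weight(m) * (degree(n) + degree(o))
    raise ValueError(f"unknown term {t!r}")

def permute_root(t):
    """Apply a rule of Definition 2 at the root; None when none applies."""
    tag = t[0]
    if tag == "app" and t[1][0] == "case":
        _, x, y, m, n, o = t[1]
        return ("case", x, y, m, ("app", n, t[2]), ("app", o, t[2]))
    if tag in ("p1", "p2") and t[1][0] == "case":
        _, x, y, m, n, o = t[1]
        return ("case", x, y, m, (tag, n), (tag, o))
    if tag == "case" and t[3][0] == "case":
        _, u, v, inner, p, q = t
        _, x, y, m, n, o = inner
        return ("case", x, y, m,
                ("case", u, v, n, p, q), ("case", u, v, o, p, q))
    return None

def child_slots(t):
    """Tuple positions that hold subterms (the rest are variable names)."""
    tag = t[0]
    if tag == "var":
        return ()
    if tag == "lam":
        return (2,)
    if tag == "case":
        return (3, 4, 5)
    return tuple(range(1, len(t)))

def step(t):
    """One permutation-conversion step, outermost first; None if normal."""
    r = permute_root(t)
    if r is not None:
        return r
    for i in child_slots(t):
        r = step(t[i])
        if r is not None:
            return t[:i] + (r,) + t[i + 1:]
    return None

def normalise(t):
    """Rewrite to normal form; return it with the degree after each step."""
    degrees = [degree(t)]
    while True:
        r = step(t)
        if r is None:
            return t, degrees
        if weight(r) != weight(t) or degree(r) >= degree(t):
            raise AssertionError("Lemma 4 or Lemma 5 violated")
        t = r
        degrees.append(degree(t))

def var(name):
    return ("var", name)

# Constructed sample terms.
D = ("case", "x", "y", var("z"), var("a"), var("b"))
SAMPLE = ("app", ("p1", D), var("c"))          # (p1 D_{x,y}(z, a, b)) c
NESTED = ("case", "u", "v", D, var("p"), var("q"))

if __name__ == "__main__":
    print(normalise(SAMPLE))
    print(normalise(NESTED))
```
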
4 Negative Translation and CPS-Simulation 

We now establish the strong normalisation of with respect to 
detour-conversions. To this end we interpret IPPL into intuitionistic implicative logic by 
means of a negative translation. This corresponds to a translation of into 
the simply typed λ-calculus. This translation must satisfy two requirements. On 
the one hand, it must provide a simulation of the detour-conversions. On the 
other hand it must be compatible with the permutation-conversions in a sense 
that will be explained. In order to satisfy the first requirement, the negative 
translation we use is a generalisation of the one used by Meyer and Wand in the 
implicative case, i.e., a generalisation of the translation induced by Plotkin’s 
call-by-name CPS-translation 

Definition 7. (Negative translation) The negative translation a of any formula 
a is defined as: 

— O 

a = 

where 

= a ^ o 

for some distinguished atomic proposition o (that is not used elsewhere), and 
where: 

1. a° = a 

2. {a — > P)° = a^P 

3. (a A P)° = '^(a ~/3) 

4- (a V 0)° = ~o ^ ■ 

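Then we accommodate Plotkin’s call-by-name simulation to the case of . 

Definition 8. (CPS-translation) 

1. $\overline{x} = \lambda k.\, x\, k$ 

2. $\overline{\lambda x.M} = \lambda k.\, k\,(\lambda x.\overline{M})$ 

3. $\overline{(M\,N)} = \lambda k.\, \overline{M}\,(\lambda m.\, m\,\overline{N}\,k)$ 

4. $\overline{\mathbf{p}(M,N)} = \lambda k.\, k\,(\lambda p.\, p\,\overline{M}\,\overline{N})$ 

5. $\overline{\mathbf{p}_1 M} = \lambda k.\, \overline{M}\,(\lambda p.\, p\,(\lambda i.\lambda j.\, i\,k))$ 

6. $\overline{\mathbf{p}_2 M} = \lambda k.\, \overline{M}\,(\lambda p.\, p\,(\lambda i.\lambda j.\, j\,k))$ 

7. $\overline{\mathbf{k}_1 M} = \lambda k.\, k\,(\lambda i.\lambda j.\, i\,\overline{M})$ 

8. $\overline{\mathbf{k}_2 M} = \lambda k.\, k\,(\lambda i.\lambda j.\, j\,\overline{M})$ 

9. $\overline{\mathbf{D}_{x,y}(M,N,O)} = \lambda k.\, \overline{M}\,(\lambda m.\, m\,(\lambda x.\,\overline{N}\,k)\,(\lambda y.\,\overline{O}\,k))$ 

where k, m, p, i and j are fresh variables. ■ 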

We now prove that the translations of Definitions 7 and 8 commute with the
typing relation.

Proposition 9. Let M be a λ-term of $\lambda^{\to\wedge\vee}$ typable with type $\alpha$ under a set of
declarations $\Gamma$. Then $\overline{M}$ is a λ-term of the simply typed λ-calculus, typable with
type $\overline{\alpha}$ under the set of declarations $\overline{\Gamma}$.






Philippe de Groote 



Proof. See Appendix A. □

The translation of Definition 8 does not map normal forms to normal forms.
This is due to the so-called administrative redexes that are introduced by the
translation. The modified translation below circumvents this problem.

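Definition 10. (Modified CPS-translation) The modified CPS-translation $\overline{\overline{M}}$ of
any λ-term M of $\lambda^{\to\wedge\vee}$ is defined as:

$$\overline{\overline{M}} = \lambda k.\, (M : k)$$

where k is a fresh variable, and where the infix operator “:” obeys the following
definition:

1. $x : K = x\, K$

2. $\lambda x.\, M : K = K\, (\lambda x.\, \overline{\overline{M}})$

3. $(M\, N) : K = M : \lambda m.\, m\, \overline{\overline{N}}\, K$

4. $p(M, N) : K = K\, (\lambda p.\, p\, \overline{\overline{M}}\, \overline{\overline{N}})$

5. $p_1\, M : K = M : \lambda p.\, p\, (\lambda i.\, \lambda j.\, i\, K)$

6. $p_2\, M : K = M : \lambda p.\, p\, (\lambda i.\, \lambda j.\, j\, K)$

7. $k_1\, M : K = K\, (\lambda i.\, \lambda j.\, i\, \overline{\overline{M}})$

8. $k_2\, M : K = K\, (\lambda i.\, \lambda j.\, j\, \overline{\overline{M}})$

9. $D_{x,y}(M, N, O) : K = M : \lambda m.\, m\, (\lambda x.\, (N : K))\, (\lambda y.\, (O : K))$

where m, p, i and j are fresh variables, and where, in Clause 9, x and y do not
occur free in K. Remark that this last condition is not restrictive since it may
always be satisfied by renaming. ■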

As expected, the modified translation is a β-reduced form of the CPS-translation.

Lemma 11. Let M and K be terms of . Then:

1. $\overline{M} \twoheadrightarrow_\beta \overline{\overline{M}}$,

2. $\overline{M}\, K \twoheadrightarrow_\beta M : K$.

Proof. We proceed by induction on the structure of M. Property 1 is the property
of interest, while Property 2 is needed to make the induction work. □

From this lemma, we get the analogue of Proposition 9 for the modified
translation.

Proposition 12. Let M be a λ-term of $\lambda^{\to\wedge\vee}$ typable with type $\alpha$ under a set
of declarations $\Gamma$. Then $\overline{\overline{M}}$ is a λ-term of the simply typed λ-calculus, typable
with type $\overline{\alpha}$ under the set of declarations $\overline{\Gamma}$.

Proof. The proposition follows from Proposition 9, Lemma 11 and the subject
reduction property of the simply typed λ-calculus.
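The modified CPS-translation allows the detour-conversions of $\lambda^{\to\wedge\vee}$ to be
simulated by β-reduction. This is established by the next lemmas.

Lemma 13. Let M and N be λ-terms of $\lambda^{\to\wedge\vee}$ and K be a simple λ-term.
Then:

1. $(M : K)[x:=\overline{\overline{N}}] \twoheadrightarrow_\beta (M[x:=N]) : (K[x:=\overline{\overline{N}}])$,

2. $\overline{\overline{M}}[x:=\overline{\overline{N}}] \twoheadrightarrow_\beta \overline{\overline{M[x:=N]}}$.

Proof. Property 2 is a direct consequence of Property 1, which is established by
a straightforward induction on the structure of M. □

Lemma 14. Let M and N be two λ-terms of $\lambda^{\to\wedge\vee}$ such that $M \to_D N$. Then:

1. $M : K \to^+_\beta N : K$, for any simple λ-term K,

2.

Proof. Property 2 may be established as a direct consequence of Property 1. Then
proving that $C[M] : K \to^+_\beta C[N] : K$ whenever $M : K \to^+_\beta N : K$ consists in a
straightforward induction on the structure of the context $C[\,]$. Hence it remains
to establish Property 1 for the five rewriting rules of Definition

$$
\begin{aligned}
((\lambda x.\, M)\, N) : K &= (\lambda x.\, M) : \lambda m.\, m\, \overline{\overline{N}}\, K \\
&= (\lambda m.\, m\, \overline{\overline{N}}\, K)\, (\lambda x.\, \overline{\overline{M}}) \\
&\to_\beta (\lambda x.\, \overline{\overline{M}})\, \overline{\overline{N}}\, K \\
&\to_\beta \overline{\overline{M}}[x:=\overline{\overline{N}}]\, K \\
&\twoheadrightarrow_\beta \overline{\overline{M[x:=N]}}\, K \\
&\twoheadrightarrow_\beta (M[x:=N]) : K
\end{aligned}
$$

$$
\begin{aligned}
(p_i\, p(M_1, M_2)) : K &= p(M_1, M_2) : \lambda p.\, p\, (\lambda j_1.\, \lambda j_2.\, j_i\, K) \\
&= (\lambda p.\, p\, (\lambda j_1.\, \lambda j_2.\, j_i\, K))\, (\lambda p.\, p\, \overline{\overline{M_1}}\, \overline{\overline{M_2}}) \\
&\to_\beta (\lambda p.\, p\, \overline{\overline{M_1}}\, \overline{\overline{M_2}})\, (\lambda j_1.\, \lambda j_2.\, j_i\, K) \\
&\to_\beta (\lambda j_1.\, \lambda j_2.\, j_i\, K)\, \overline{\overline{M_1}}\, \overline{\overline{M_2}} \\
&\twoheadrightarrow_\beta \overline{\overline{M_i}}\, K \\
&\twoheadrightarrow_\beta M_i : K
\end{aligned}
$$

$$
\begin{aligned}
&= (k_i\, M) : \lambda m.\, m\, (\lambda x_1.\, (N_1 : K))\, (\lambda x_2.\, (N_2 : K)) \\
&= (\lambda m.\, m\, (\lambda x_1.\, (N_1 : K))\, (\lambda x_2.\, (N_2 : K)))\, (\lambda j_1.\, \lambda j_2.\, j_i\, \overline{\overline{M}}) \\
&\to_\beta (\lambda j_1.\, \lambda j_2.\, j_i\, \overline{\overline{M}})\, (\lambda x_1.\, (N_1 : K))\, (\lambda x_2.\, (N_2 : K)) \\
&\twoheadrightarrow_\beta (\lambda x_i.\, (N_i : K))\, \overline{\overline{M}} \\
&\to_\beta (N_i : K)[x_i:=\overline{\overline{M}}] \\
&\twoheadrightarrow_\beta (N_i[x_i:=M]) : K
\end{aligned}
$$

□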
The above lemma allows any sequence of detour-conversion steps to be simulated
by a longer sequence of β-reduction steps in the simply typed λ-calculus.
Therefore, since the simply typed λ-calculus is strongly β-normalisable, we
immediately obtain the following proposition.

Proposition 15. $\lambda^{\to\wedge\vee}$ is strongly normalisable with respect to detour-conversions. □

5 Strong Normalisation 

In this section we prove that $\lambda^{\to\wedge\vee}$ is strongly normalisable with respect to both
detour- and permutation-conversion. This is not a direct consequence of
Propositions 6 and 15 because detour-conversions can create permutation-redexes and,
conversely, permutation-conversions can create detour-redexes. Therefore we
first show that the modified CPS-translation maps the relation of
permutation-conversion to syntactic equality.

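Lemma 16. Let M and N be two λ-terms of $\lambda^{\to\wedge\vee}$ such that $M \to_P N$. Then:

1. $M : K = N : K$, for any simple λ-term K,

2. $\overline{\overline{M}} = \overline{\overline{N}}$.

Proof. Property 2 is a direct consequence of Property 1. To show that
$C[M] : K = C[N] : K$ whenever $M : K = N : K$ consists in a routine induction on
the structure of the context $C[\,]$. It remains to establish Property 1 for the four
rewriting rules of Definition

$$
\begin{aligned}
(D_{x,y}(M, N, O)\, P) : K &= D_{x,y}(M, N, O) : \lambda m.\, m\, \overline{\overline{P}}\, K \\
&= M : \lambda m.\, m\, (\lambda x.\, (N : \lambda m.\, m\, \overline{\overline{P}}\, K))\, (\lambda y.\, (O : \lambda m.\, m\, \overline{\overline{P}}\, K)) \\
&= M : \lambda m.\, m\, (\lambda x.\, (N\, P : K))\, (\lambda y.\, (O\, P : K)) \\
&= D_{x,y}(M, N\, P, O\, P) : K
\end{aligned}
$$

$$
\begin{aligned}
(p_i\, D_{x,y}(M, N, O)) : K &= D_{x,y}(M, N, O) : \lambda p.\, p\, (\lambda j_1.\, \lambda j_2.\, j_i\, K) \\
&= M : \lambda m.\, m\, (\lambda x.\, (N : \lambda p.\, p\, (\lambda j_1.\, \lambda j_2.\, j_i\, K)))\, (\lambda y.\, (O : \lambda p.\, p\, (\lambda j_1.\, \lambda j_2.\, j_i\, K))) \\
&= M : \lambda m.\, m\, (\lambda x.\, (p_i\, N : K))\, (\lambda y.\, (p_i\, O : K)) \\
&= D_{x,y}(M, p_i\, N, p_i\, O) : K
\end{aligned}
$$

$$
\begin{aligned}
D_{u,v}(D_{x,y}(M, N, O), P, Q) : K &= D_{x,y}(M, N, O) : \lambda m.\, m\, (\lambda u.\, (P : K))\, (\lambda v.\, (Q : K)) \\
&= M : \lambda m.\, m\, (\lambda x.\, (N : \lambda m.\, m\, (\lambda u.\, (P : K))\, (\lambda v.\, (Q : K))))\, (\lambda y.\, (O : \lambda m.\, m\, (\lambda u.\, (P : K))\, (\lambda v.\, (Q : K)))) \\
&= M : \lambda m.\, m\, (\lambda x.\, (D_{u,v}(N, P, Q) : K))\, (\lambda y.\, (D_{u,v}(O, P, Q) : K)) \\
&= D_{x,y}(M, D_{u,v}(N, P, Q), D_{u,v}(O, P, Q)) : K
\end{aligned}
$$

□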
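The following added example (not code from the paper) implements the infix operator of Definition 10 in Python and checks Property 1 of Lemma 16 on constructed terms for all four permutation rules. The tuple encoding of terms, the helper names and the sample terms are assumptions of this sketch; fresh variables come from a counter, so equality is tested up to renaming of bound variables.

```python
import itertools

_counter = itertools.count()

def fresh(base):
    """Fresh target variable; the digit suffix keeps it apart from source names."""
    return f"{base}{next(_counter)}"

def V(x):
    return ("var", x)

def L(x, body):
    return ("lam", x, body)

def A(f, *args):
    for a in args:
        f = ("app", f, a)
    return f

def mbar(M):
    """Modified CPS-translation of M: lambda k. (M : k)."""
    k = fresh("k")
    return L(k, colon(M, V(k)))

def colon(M, K):
    """The infix operator M : K, clause by clause as in Definition 10."""
    tag = M[0]
    if tag == "var":                       # clause 1
        return A(M, K)
    if tag == "lam":                       # clause 2
        return A(K, L(M[1], mbar(M[2])))
    if tag == "app":                       # clause 3
        m = fresh("m")
        return colon(M[1], L(m, A(V(m), mbar(M[2]), K)))
    if tag == "pair":                      # clause 4
        p = fresh("p")
        return A(K, L(p, A(V(p), mbar(M[1]), mbar(M[2]))))
    if tag in ("p1", "p2"):                # clauses 5 and 6
        p, i, j = fresh("p"), fresh("i"), fresh("j")
        pick = i if tag == "p1" else j
        return colon(M[1], L(p, A(V(p), L(i, L(j, A(V(pick), K))))))
    if tag in ("k1", "k2"):                # clauses 7 and 8
        i, j = fresh("i"), fresh("j")
        pick = i if tag == "k1" else j
        return A(K, L(i, L(j, A(V(pick), mbar(M[1])))))
    if tag == "case":                      # clause 9; x, y must not be free in K
        _, x, y, M0, N, O = M
        m = fresh("m")
        return colon(M0, L(m, A(V(m), L(x, colon(N, K)), L(y, colon(O, K)))))
    raise ValueError(f"unknown term: {M!r}")

def alpha_eq(s, t, env_s=(), env_t=()):
    """Equality of target terms up to renaming of bound variables."""
    if s[0] != t[0]:
        return False
    if s[0] == "var":
        ds = env_s.index(s[1]) if s[1] in env_s else None
        dt = env_t.index(t[1]) if t[1] in env_t else None
        return ds == dt and (ds is not None or s[1] == t[1])
    if s[0] == "lam":
        return alpha_eq(s[2], t[2], (s[1],) + env_s, (t[1],) + env_t)
    return alpha_eq(s[1], t[1], env_s, env_t) and alpha_eq(s[2], t[2], env_s, env_t)

def case(x, y, M, N, O):
    return ("case", x, y, M, N, O)

def permutation_pairs():
    """Constructed instances (left, right) of the four permutation-conversions."""
    M, N, O = V("z"), ("app", V("x"), V("a")), ("k2", V("y"))
    P, Q = V("w"), ("pair", V("v"), V("w"))
    D = case("x", "y", M, N, O)
    return [
        (("app", D, P), case("x", "y", M, ("app", N, P), ("app", O, P))),
        (("p1", D), case("x", "y", M, ("p1", N), ("p1", O))),
        (("p2", D), case("x", "y", M, ("p2", N), ("p2", O))),
        (case("u", "v", D, P, Q),
         case("x", "y", M, case("u", "v", N, P, Q), case("u", "v", O, P, Q))),
    ]

def same_translation(left, right, K=V("c")):
    """True when left : K and right : K coincide up to bound-variable names."""
    return alpha_eq(colon(left, K), colon(right, K))
```

A detour-conversion such as the projection of a pair is not identified by the translation, which is why Lemma 14 needs β-steps where Lemma 16 has equality.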



We may now prove the main result. 
Theorem 17. $\lambda^{\to\wedge\vee}$ is strongly normalisable with respect to the reduction
relation induced by the union of the detour- and permutation-conversions.

Proof. Suppose it is not the case. Then there would exist an infinite sequence
of detour- and permutation-conversion steps starting from a typable term (say,
M). If this infinite sequence contains infinitely many detour-conversion
steps, there must exist, by Lemmas 14 and 16, an infinite sequence of β-reduction
steps starting from $\overline{\overline{M}}$. But this, by Proposition 12, would contradict the strong
normalisation of the simply typed λ-calculus. Hence the infinite sequence may
contain only a finite number of detour-conversion steps. But then, it would
contain an infinite sequence of consecutive permutation-conversion steps, which
contradicts Proposition 6. □
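A Proof of Proposition 9

Each derivation is given level by level, premises first and conclusion last.

Variable

$$
\begin{array}{c}
x : \sim\sim\alpha^\circ \qquad k : \sim\alpha^\circ \\
x\, k : o \\
\lambda k.\, x\, k : \sim\sim\alpha^\circ
\end{array}
$$

Abstraction

$$
\begin{array}{c}
\overline{M} : \overline{\beta} \\
k : \sim(\overline{\alpha} \to \overline{\beta}) \qquad \lambda x.\, \overline{M} : \overline{\alpha} \to \overline{\beta} \\
k\, (\lambda x.\, \overline{M}) : o \\
\lambda k.\, k\, (\lambda x.\, \overline{M}) : \sim\sim(\overline{\alpha} \to \overline{\beta})
\end{array}
$$

Application

$$
\begin{array}{c}
m : \overline{\alpha} \to \overline{\beta} \qquad \overline{N} : \overline{\alpha} \\
m\, \overline{N} : \overline{\beta} \qquad k : \sim\beta^\circ \\
m\, \overline{N}\, k : o \\
\overline{M} : \sim\sim(\overline{\alpha} \to \overline{\beta}) \qquad \lambda m.\, m\, \overline{N}\, k : \sim(\overline{\alpha} \to \overline{\beta}) \\
\overline{M}\, (\lambda m.\, m\, \overline{N}\, k) : o \\
\lambda k.\, \overline{M}\, (\lambda m.\, m\, \overline{N}\, k) : \overline{\beta}
\end{array}
$$

Pairing

$$
\begin{array}{c}
p : \overline{\alpha} \to \sim\overline{\beta} \qquad \overline{M} : \overline{\alpha} \\
p\, \overline{M} : \sim\overline{\beta} \qquad \overline{N} : \overline{\beta} \\
p\, \overline{M}\, \overline{N} : o \\
k : \sim\sim(\overline{\alpha} \to \sim\overline{\beta}) \qquad \lambda p.\, p\, \overline{M}\, \overline{N} : \sim(\overline{\alpha} \to \sim\overline{\beta}) \\
k\, (\lambda p.\, p\, \overline{M}\, \overline{N}) : o \\
\lambda k.\, k\, (\lambda p.\, p\, \overline{M}\, \overline{N}) : \sim\sim\sim(\overline{\alpha} \to \sim\overline{\beta})
\end{array}
$$

Left Projection

$$
\begin{array}{c}
i : \overline{\alpha} \qquad k : \sim\alpha^\circ \\
i\, k : o \\
\lambda j.\, i\, k : \sim\overline{\beta} \\
p : \sim(\overline{\alpha} \to \sim\overline{\beta}) \qquad \lambda i.\, \lambda j.\, i\, k : \overline{\alpha} \to \sim\overline{\beta} \\
p\, (\lambda i.\, \lambda j.\, i\, k) : o \\
\overline{M} : \sim\sim\sim(\overline{\alpha} \to \sim\overline{\beta}) \qquad \lambda p.\, p\, (\lambda i.\, \lambda j.\, i\, k) : \sim\sim(\overline{\alpha} \to \sim\overline{\beta}) \\
\overline{M}\, (\lambda p.\, p\, (\lambda i.\, \lambda j.\, i\, k)) : o \\
\lambda k.\, \overline{M}\, (\lambda p.\, p\, (\lambda i.\, \lambda j.\, i\, k)) : \overline{\alpha}
\end{array}
$$

Right Projection

$$
\begin{array}{c}
j : \overline{\beta} \qquad k : \sim\beta^\circ \\
j\, k : o \\
\lambda j.\, j\, k : \sim\overline{\beta} \\
p : \sim(\overline{\alpha} \to \sim\overline{\beta}) \qquad \lambda i.\, \lambda j.\, j\, k : \overline{\alpha} \to \sim\overline{\beta} \\
p\, (\lambda i.\, \lambda j.\, j\, k) : o \\
\overline{M} : \sim\sim\sim(\overline{\alpha} \to \sim\overline{\beta}) \qquad \lambda p.\, p\, (\lambda i.\, \lambda j.\, j\, k) : \sim\sim(\overline{\alpha} \to \sim\overline{\beta}) \\
\overline{M}\, (\lambda p.\, p\, (\lambda i.\, \lambda j.\, j\, k)) : o \\
\lambda k.\, \overline{M}\, (\lambda p.\, p\, (\lambda i.\, \lambda j.\, j\, k)) : \overline{\beta}
\end{array}
$$

Left Injection

$$
\begin{array}{c}
i : \sim\overline{\alpha} \qquad \overline{M} : \overline{\alpha} \\
i\, \overline{M} : o \\
\lambda j.\, i\, \overline{M} : \sim\sim\overline{\beta} \\
k : \sim(\sim\overline{\alpha} \to \sim\sim\overline{\beta}) \qquad \lambda i.\, \lambda j.\, i\, \overline{M} : \sim\overline{\alpha} \to \sim\sim\overline{\beta} \\
k\, (\lambda i.\, \lambda j.\, i\, \overline{M}) : o \\
\lambda k.\, k\, (\lambda i.\, \lambda j.\, i\, \overline{M}) : \sim\sim(\sim\overline{\alpha} \to \sim\sim\overline{\beta})
\end{array}
$$

Right Injection

$$
\begin{array}{c}
j : \sim\overline{\beta} \qquad \overline{M} : \overline{\beta} \\
j\, \overline{M} : o \\
\lambda j.\, j\, \overline{M} : \sim\sim\overline{\beta} \\
k : \sim(\sim\overline{\alpha} \to \sim\sim\overline{\beta}) \qquad \lambda i.\, \lambda j.\, j\, \overline{M} : \sim\overline{\alpha} \to \sim\sim\overline{\beta} \\
k\, (\lambda i.\, \lambda j.\, j\, \overline{M}) : o \\
\lambda k.\, k\, (\lambda i.\, \lambda j.\, j\, \overline{M}) : \sim\sim(\sim\overline{\alpha} \to \sim\sim\overline{\beta})
\end{array}
$$

Case Analysis

$$
\begin{array}{c}
[x : \overline{\alpha}] \qquad\qquad [y : \overline{\beta}] \\
\overline{N} : \overline{\gamma} \qquad k : \sim\gamma^\circ \qquad\qquad \overline{O} : \overline{\gamma} \qquad k : \sim\gamma^\circ \\
\overline{N}\, k : o \qquad\qquad \overline{O}\, k : o \\
m : \sim\overline{\alpha} \to \sim\sim\overline{\beta} \qquad \lambda x.\, \overline{N}\, k : \sim\overline{\alpha} \qquad\qquad \lambda y.\, \overline{O}\, k : \sim\overline{\beta} \\
m\, (\lambda x.\, \overline{N}\, k) : \sim\sim\overline{\beta} \\
m\, (\lambda x.\, \overline{N}\, k)\, (\lambda y.\, \overline{O}\, k) : o \\
\overline{M} : \sim\sim(\sim\overline{\alpha} \to \sim\sim\overline{\beta}) \qquad \lambda m.\, m\, (\lambda x.\, \overline{N}\, k)\, (\lambda y.\, \overline{O}\, k) : \sim(\sim\overline{\alpha} \to \sim\sim\overline{\beta}) \\
\overline{M}\, (\lambda m.\, m\, (\lambda x.\, \overline{N}\, k)\, (\lambda y.\, \overline{O}\, k)) : o \\
\lambda k.\, \overline{M}\, (\lambda m.\, m\, (\lambda x.\, \overline{N}\, k)\, (\lambda y.\, \overline{O}\, k)) : \overline{\gamma}
\end{array}
$$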
Abstract. A rewrite sequence is said to be outermost-fair if every outermost
redex occurrence is eventually eliminated. Outermost-fair rewriting
is known to be (head-)normalising for almost orthogonal rewrite systems.
We study (head-)normalisation for the larger class of weakly orthogonal
rewrite systems. (Infinitary) normalisation is established and a
counterexample against head-normalisation is given.



1 Introduction 

The term f(a) in the term rewrite system {a → a, f(x) → b} can be rewritten
to normal form b, but is also the starting point of the infinite rewrite sequence
f(a) → f(a) → .... It is then of interest to design a normalising strategy, i.e. a
restriction on rewriting which guarantees to reach a normal form if one can be
reached. How to design a normalising strategy? Observe that in the example the
normal form b was reached by contracting the redex closest to the root, a
so-called outermost redex. An outermost strategy restricts rewriting to contraction
of outermost redexes. The idea of this strategy is that outermost redexes cannot
‘disappear’ hence must be contracted in order to reach a normal form. There are
two problems with this idea:

1. Consider the TRS {a → a, b → c, f(x, c) → d}. Then f(a, b) → f(a, b) by
contraction of the outermost redex a. However, f(a, b) → f(a, c) → d is a
reduction to normal form.

2. Consider the TRS {a → b, f(a) → f(a)}. Then f(a) → f(a) by contraction
of the f(a)-redex. However, f(a) → f(b) is a reduction to normal form.

The problem in (1) is that the outermost strategy which always contracts the
redex a is not fair in the sense that the other outermost redex b persists forever.
Hence we will restrict attention to fair outermost strategies. The problem in (2)
is that the outermost redex f(a) has overlap with the non-outermost redex a,
and contracting them gives rise to distinct terms (f(a) and f(b) respectively).
Hence we will restrict attention to weakly orthogonal term rewrite systems, where
overlap may occur but does not give rise to distinct terms (see Example 2). These
two restrictions suffice to establish our first result.
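The two problems above can be replayed mechanically. The following added example (not code from the paper) encodes both TRSs as Python tuples and compares a strategy that always contracts the leftmost outermost redex with parallel-outermost rewriting, which contracts every outermost redex in each round and is therefore outermost-fair; the term encoding, function names and step bound are assumptions of this sketch.

```python
def match(pat, term, sub=None):
    """Match a linear pattern against a ground term; variables are plain strings."""
    sub = {} if sub is None else sub
    if isinstance(pat, str):
        sub[pat] = term
        return sub
    if pat[0] != term[0] or len(pat) != len(term):
        return None
    for p, t in zip(pat[1:], term[1:]):
        if match(p, t, sub) is None:
            return None
    return sub

def subst(t, sub):
    if isinstance(t, str):
        return sub[t]
    return (t[0],) + tuple(subst(a, sub) for a in t[1:])

def contract(term, rules):
    """Contract a redex at the root, or return None if the root is no redex."""
    for lhs, rhs in rules:
        sub = match(lhs, term)
        if sub is not None:
            return subst(rhs, sub)
    return None

def outermost(term, rules, pos=()):
    """Positions of the outermost redexes, from left to right."""
    if contract(term, rules) is not None:
        return [pos]
    found = []
    for i, arg in enumerate(term[1:], 1):
        found += outermost(arg, rules, pos + (i,))
    return found

def rewrite_at(term, pos, rules):
    if not pos:
        return contract(term, rules)
    i = pos[0]
    return term[:i] + (rewrite_at(term[i], pos[1:], rules),) + term[i + 1:]

def run(term, rules, choose, limit=20):
    """Rewrite with an outermost strategy; None if no normal form within limit rounds."""
    for _ in range(limit):
        redexes = outermost(term, rules)
        if not redexes:
            return term              # no outermost redex means no redex at all
        for pos in choose(redexes):  # outermost redexes sit at disjoint positions
            term = rewrite_at(term, pos, rules)
    return None

def leftmost(redexes):
    return redexes[:1]               # unfair: may starve the other outermost redexes

def parallel(redexes):
    return redexes                   # outermost-fair: every outermost redex is contracted

a, b, c, d = ("a",), ("b",), ("c",), ("d",)
# Problem 1: {a -> a, b -> c, f(x, c) -> d}
TRS1 = [(a, a), (b, c), (("f", "x", c), d)]
# Problem 2: {a -> b, f(a) -> f(a)}, which is not weakly orthogonal
TRS2 = [(a, b), (("f", a), ("f", a))]
```

On TRS1 the leftmost strategy loops on f(a, b) while the parallel one reaches d; on TRS2 even the fair strategy loops, although contracting the inner redex a gives the normal form f(b).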

Theorem 1. Outermost-fair strategies are normalising for weakly orthogonal 
term rewrite systems. 



P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 60-^^ 1999. 
© Springer-Verlag Berlin Heidelberg 1999



Normalisation in Weakly Orthogonal Rewriting 






Theorem 1 closes the gap between normalisation for almost orthogonal (see
Def. 2) term rewrite systems and non-normalisation for rewrite
systems having overlap between a step making ‘progress towards the normal
form’ and a step making ‘no(t as much) progress’, see e.g. (2) above and

In lazy functional programming (weak) head-normal forms, not normal forms,
are computed. After computing a head-normal form, one zooms in on the subterms and
the process repeats itself. In this way it is possible to compute
(with) potentially infinite data structures, e.g. the list of prime numbers. The
obvious question then is: are outermost-fair strategies head-normalising?

By the same proof method as that of Theorem 1 we obtain our next result,
generalising the first-order result of

Theorem 2. Outermost-fair strategies are head-normalising for almost orthogonal
term rewrite systems.

Surprisingly, head-normalisation cannot be extended from almost to weak
orthogonality as witnessed by Counterexample . Nevertheless, we do have:

Theorem 3. Outermost-fair strategies are infinitary normalising for weakly
orthogonal term rewrite systems.

That is, infinite normal forms will be found if they exist; a result which usually
is obtained as a corollary of head-normalisation. Before presenting the outline
of the paper, let’s first present a summary of the results:



                    almost orthogonal           weakly orthogonal
                    TRS       PRS               TRS and PRS
normalising         +         +                 + Thm 1
∞-normalising       +         + Thm 1           + Thm 3
head-normalising    +         + Thm 1           − Counterex.



By ‘term rewrite system’ in this paper we mean ‘fully extended higher-order
pattern rewrite system’ (PRS, see e.g. ). For the sake of exposition only
definitions for the first-order case are presented, but replacing them by their
higher-order equivalent preserves the results. For example, Theorem 1 generalises
the normalisation result obtained in from almost to weakly orthogonal
PRSs. By ‘TRS’ a first-order term rewrite system is meant.

Section 2 introduces the contribution relation induced by a rewrite step. In
Section 3, which is the (technical) heart of the paper and based on a
(re)combination of ideas from and , three notions are formalised
based on the contribution relation: essentiality, a measure, and the projection. It
is shown that any rewrite sequence can be transformed into an essential one, i.e.
a sequence where every step contributes to the result. Rewrite sequences will be
measured by, roughly, counting the number of essential steps. It will be shown
that both the transformation and the projection of the rewrite sequence over
another one will decrease the measure. Readers not interested in technicalities
can skip to Sections and where our main results and its corollaries are
presented.

We assume the reader to be familiar with term rewriting, e.g. . For
background information on outermost-fair rewriting and its normalisation the
reader should consult and or the paper by Van Raamsdonk on
higher-order rewriting in this volume.

2 Terms and Trees 

In this section some notations are fixed and the contribution relation induced 
by a term rewrite system is defined. It is important to note that throughout this 
paper all term rewrite systems are (assumed to be) left-linear. 

We use s, t, r, l to range over terms which are built from variables (x, y, z)
and function symbols (f, g, h, a, b, c). The rewrite (step) relation generated by
a TRS R is denoted by . We use u, v to range over rewrite steps, and d, e to
range over rewrite sequences. A collapsing rule is a rule whose right-hand side
is a single variable. We use ≤ to denote the usual prefix relation on positions (o,
p, q). It is a well-founded partial order with least element ε, the root. If o ≤ p
then we say o is outside/above p and p is inside/below o. We use σ, τ to range
over substitutions.

Fig. 1. Term parts (panels: prefix, component, subterm, orthogonal).



Definition 1. 1. A linear term encompassed [p. 166] by a term s is a
component of s, where we (may) assume that s contains no variables.

2. By an occurrence of an object, e.g. a component, we formally mean a pair
consisting of a term and the object in that term. Such a pair is called a
marked term and the object its mark. Notions for terms are extended to
notions for marked terms via the first projection. A head-component or prefix
is a component occurring at the head (root).

3. A redex is a pair consisting of a component occurrence of the left-hand side
of some rule, and the rule itself. We identify redexes with their induced step.

Performing the obvious replacements in the definition of a notion for ordinary
rewriting yields the corresponding head-notion, e.g. a head-redex is a redex
having a head-component.

Example 1. Some components of g(f(a, a)) are the component x at any position,
three components g(x), g(f(a, x)), and g(f(a, a)) all occurring at the root, f(x, y)
and f(x, a) at position 1, and a at both 11 and 12. Some non-components of
g(f(a, a)) are f(x, x) and the ‘component’ consisting of the two occurrences of
a. Among these only x, g(x), g(f(a, x)), and g(f(a, a)) are prefixes.










We assume the reader to be familiar with the correspondence between terms
and trees. We introduce two relations on trees induced by term rewrite steps: the
copy and the contribution relation. The idea of the copy relation is to relate the
‘context’ part and the ‘substitution’ part of a rewrite step to ‘themselves’. On top
of this, the contribution relation relates the ‘destroyed’ part to the ‘created’ part.
This is abstractly illustrated in Figure 2. We define the relations by means of two
examples, since the formal definitions are cumbersome and largely irrelevant. On
the left in Figure 3 the step f(g(h(b), a)) → f(g(a, a)) due to the rewrite rule
g(h(x), y) → g(y, y) is displayed. Both vertices g and h and the edge between
them contribute to g. On the right the step f(g(a)) → f(a) due to the collapsing
rewrite rule g(x) → x is shown. The vertex g contributes to the edge between f
and a. In both steps f and a and the edges connected to them are copied.

Fig. 2. Abstract copy (dashed) and contribution (dashed and dotted).

Fig. 3. Concrete copy (dashed) and contribution (dashed and dotted).

Observe that we are minimalistic in the sense that the edges connecting the
component of a redex to its surroundings do not belong to the component, so are
copied and not destroyed/created by the rewrite step. Note furthermore that the
copy relation is ‘type-preserving’ in the sense that it relates vertices to vertices
and edges to edges only. Unfortunately, this is not true for the contribution
relation, but this seems unavoidable if one wants to deal with collapsing rules in
a way respecting Levy labelling, cf. also

The higher-order relations can be retrieved from and
The copy and contribution relation for redexes are defined via their components,
on which the relation must be a tree isomorphism in case of the copy
relation. The contribution and copy relation induced by a rewrite sequence are
obtained via the relational composition of the corresponding relations induced by
the constituting steps. The empty rewrite sequence induces the identity relation
both for contribution and for copy.

If some occurrence of an object, i.e. a position, prefix, component, redex,
or set of those, is related by the contribution (copy) relation to another such
occurrence, then the former is called an ancestor (origin) of the latter (along
the rewrite sequence) and the latter a descendant (residual) of the former (after
the rewrite sequence). By the ancestor of a rewrite sequence, the ancestor of
the whole final term in the initial term is meant. Let O be any object. An O
sequence/O chain is a marked rewrite sequence such that every mark is an O
and is the ancestor/origin of the mark of its successor (if any).



Definition 2. A left-linear term rewrite system is orthogonal, if it has no
critical pairs. If all critical pairs are trivial, i.e. of the form (s, s), (and arise
from head-steps) the term rewrite system is weakly (almost) orthogonal.

Example 2. Combinatory logic is orthogonal. Parallel or {or(x, T) → T,
or(T, x) → T, or(F, F) → F}, is almost orthogonal, since the only critical
pair (T, T) is trivial and arises from overlap at the head: T ← or(T, T) → T.
Predecessor/successor {p(s(x)) → x, s(p(x)) → x}, is weakly orthogonal since its
left-hand sides are linear, and it has critical peaks s(x) ← s(p(s(x))) → s(x) and
p(x) ← p(s(p(x))) → p(x) giving rise to trivial critical pairs (s(x), s(x)) and
(p(x), p(x)).



3 Essentiality, a Measure, and the Projection 

Suppose one is interested in only a component of the final term of a rewrite
sequence. Our goal will then be to extract from the sequence the steps which
are essential for the component while discarding the inessential ones. In this
section we show how this can be done in case the component one is interested
in is a prefix. After that we introduce two concepts auxiliary to the proof of
Theorem 1 but interesting in their own right: measure and projection. Our
notion of essentiality and its properties are an adaptation of to the
non-orthogonal case. We illustrate it by means of an example.

Example 3. Consider a TRS having rules {a → b, f(x, y) → g(x, x)} and suppose
one is interested in the whole final term g(b, b) of the rewrite sequence f(a, a) →
f(b, a) → f(b, b) → g(b, b). The third step f(b, b) → g(b, b) is essential since it
creates g by means of the rule f(x, y) → g(x, x). The second step f(b, a) → f(b, b)
is not essential since the second argument of f is erased in the third step, hence
this step should be discarded. The first step f(a, a) → f(b, a) is essential, since
it contributes to both b’s occurring in the final term; the first step creates b via
the rule a → b, then b is copied once in the second step, and finally copied twice
in the third step. The extracted sequence will be f(a, a) → f(b, a) → g(b, b).

Suppose now we are interested only in the head symbol g in the final term
of the rewrite sequence f(a, e) → g(a, a) → g(b, a). The second step g(a, a) →
g(b, a) is not essential since we are not interested in the b, hence this step should
be discarded. On the other hand, the first step f(a, e) → g(a, a) is essential
since it contributes to g; g is created in the first step by means of the rule
f(x, y) → g(x, x), and just copied in the second step.



Suppose that the first rewrite step in a sequence does not contribute to a
given component in the final term, whereas all the others do. This implies that
the step is orthogonal to the ancestor of the component, and in particular to all
the rewrite steps in the sequence. The classical idea is then to use the
fact that orthogonal rewrite steps commute to permute
the non-contributing rewrite step towards the tail of the rewrite sequence.

Example 4. Consider the rewrite sequence f(a, e) → f(b, e) → g(b, b) in the
TRS of Example 3. If we are interested in g in the final term, then the second
step does, but the first step does not contribute to it, hence they should be
permuted. After ‘permutation’ we have f(a, e) → g(a, a) → g(b, a) → g(b, b),
where the last two steps do not contribute to g hence we take the origin of g
along them, resulting in the sequence f(a, e) → g(a, a).



The example shows that permuting redexes which are nested, i.e. one is inside
an argument of the other, may lead to multiplication; the example witnesses
duplication of the a-redex. We deal with this phenomenon by introducing a
simultaneous rewrite relation −∘→ which allows to perform several orthogonal
steps simultaneously, e.g. g(a, a) −∘→ g(b, b) by contracting the two orthogonal
a-redexes simultaneously.

Definition 3. Two sets of positions are non-overlapping if they are disjoint.
Two redexes, a set of redexes, and a set of rewrite steps are non-overlapping if
their components are, every pair of distinct elements is, and its set of redexes
is, respectively. Since we assume all (underlying) rules to be left-linear we often
use orthogonal instead of non-overlapping (see Figure 1).

One can give an inductive definition of performing a non-overlapping set of
rewrite steps in one go in the style of Tait & Martin-Löf. For our purposes
it is more convenient to do this via the possible developments

Definition 4. 1. A development of a non-overlapping set of rewrite steps is

(a) the empty rewrite sequence if the set is empty, and

(b) an arbitrary rewrite step from the set, followed by a development of the
residual of the set after that rewrite step otherwise.

2. The existence of a development of an orthogonal set of rewrite steps from s
to t is denoted by s −∘→ t, possibly subscripted with the set. −∘→ is the
simultaneous rewrite relation and we employ U, V, W to range over simultaneous
rewrite steps, and D, E, F to range over simultaneous rewrite sequences. To
indicate that the rewrite steps are not nested we write instead of
is the parallel rewrite relation induced by the term rewrite system
3. The contribution and copy relation are lifted to simultaneous rewrite steps
via the corresponding relations induced by any development of the set.

The induced relations are independent of the particular development by (a
minor variation on) the finite developments theorem (FD)
which expresses that all developments of an orthogonal set of rewrite steps are
finite, end in the same term and induce the same copy and contribution relation.

Definition 5. Let U; V be a rewrite sequence. U; V is permutable if all redexes
in V are residuals after U of some orthogonal set of redexes. Let V′ be the
minimal such set. The result of permuting U; V is V′; U′, where U′ is the set of
all residuals of U after V′.

Observe that a step in U contributes to an object in the final term if and only
if at least one of its residuals in U′ does so. Moreover, a step in V contributes
to an object in the final term if and only if its origin in V′ does so.

Example 5. Consider the simultaneous rewrite sequence f(a, e) −∘→ f(b, e) −∘→
g(b, b) in the TRS of Example 3. Since the head-redex contracted in the second
step is a residual of ‘itself’ in the initial term, the steps are permutable giving
rise to the sequence f(a, e) −∘→ g(a, a) −∘→ g(b, b). Note that both a-redexes
contracted in the second simultaneous step are residuals of the a-redex in the
initial term.



Now we show that if one is interested in the rewrite steps contributing to a 
prefix of the final term of a sequence, then the non-contributing steps can all be 
discarded by permuting them towards the tail of the rewrite sequence. 

Definition 6. A position in a term in a rewrite sequence is essential for a set 
of positions in the final term, if it contributes to it. A set of positions, a redex, 
a single rewrite step, and a simultaneous rewrite step are (in)essential if every 
(no) element is, its component is, its redex is, and all its rewrite steps are, 
respectively. A rewrite sequence/development is essential if all its steps are. 



Lemma 1. A single rewrite step is either essential or inessential. 

Proof. The contribution relation is defined such that if some position in its left- 
hand side is related to say o, all positions in its left-hand side are. □ 

So, any rewrite step u in an ordinary rewrite sequence can be labelled as
essential ($u_e$) or inessential ($u_{\bar e}$). Simultaneous steps may contain both essential
and inessential steps, but by FD it follows that any such step U factors as
$U_e; U_{\bar e}$, where the subscript $e$ ($\bar e$) indicates that all constituting rewrite steps
are (in)essential. It remains to factor rewrite sequences. For this we employ a
technical result expressing monotonicity of ancestors. But first we remark that
there are simultaneous steps which are both essential and inessential: empty
simultaneous steps. We assume they are silently removed.
Lemma 2. The ancestor of a prefix is a prefix.

Proof. By a case analysis on the definition of the contribution relation. □

From this it follows that marking the final term of a rewrite sequence with a
prefix, uniquely induces a prefix sequence.

Lemma 3. A simultaneous prefix sequence D factors as $D_e; D_{\bar e}$.

Proof. It clearly suffices to prove that any subsequence of the form $U_{\bar e}; U_e$ factors
as $V_e; V_{\bar e}$. By definition, all rewrite steps in $U_{\bar e}$ are inessential hence they are all
below the prefix and do not ‘touch’ the prefix when performed. Since $U_e$ is
essential all steps in it are part of this prefix, hence the origin of $U_e$ is ‘itself’,
hence orthogonal to $U_{\bar e}$, hence the steps are permutable. □

Observe that if the prefix of the final term is the whole final term, then the
sequence $D_{\bar e}$ is empty, i.e. the sequence was transformed into an essential one!



3.1 A Measure 



The proof of Theorem 1 will be by induction, using a measure on simultaneous
rewrite sequences inspired by . It is the lexicographic product of the
length of the sequence and the maximal lengths of essential developments of its
simultaneous steps, from the tail to the head of the sequence.

Definition 7. Let $D = U_1; U_2; \ldots; U_n$ be a simultaneous prefix sequence. The
measure $\mu(D)$ of D is the n-tuple $(l_n, \ldots, l_1)$ where $l_i$ is defined as the maximal
length of an essential development of $U_i$. Tuples are compared first by their length
and then by their successive elements (in the natural order). This yields a
well-founded order which is denoted by <.

Example 6. The measure of the simultaneous prefix sequence f(a, a, a) −∘→
f(b, b, a) −∘→ g(b, b, b) induced by the prefix g(b, b, y) of its final term, in the
TRS {f(x, b, z) → g(z, z, z), a → b}, is the tuple (3, 1). Since the sequence has
length 2, the tuple has 2 elements. The second step of the sequence contracts
an a- and an f-redex, both of which are essential. An essential development of
maximal length is f(b, b, a) → g(a, a, a) → g(b, a, a) → g(b, b, a), explaining the
first element, 3, of the tuple. The first step contracts two a-redexes, of which
only the rightmost is essential. Hence its development has length 1, explaining
the second element.

Our measure differs in two respects from that of . Firstly, we shifted
from parallel rewriting and measuring the size (of U), to simultaneous
rewriting ($-\!\!\circ\!\!\to_U$) and measuring the maximal length of a development (of U).
This is the obvious thing to do when trying to lift results from first- to
higher-order. Secondly, we count the maximal length of essential developments only, not
of arbitrary developments. The reason is that in the higher-order case residuals
of essential steps may get nested inside inessential ones. Hence the length of an
arbitrary development may depend on inessential steps, which is undesirable and
measuring by it would render the next lemma invalid. This was the motivation
for introducing the contribution relation. First remark that removing empty
steps decreases the length hence the measure.

(Footnote to Lemma 2: Replacing ‘prefix’ by ‘component’ the lemma still holds for TRSs, but fails for PRSs,
e.g. in the λ-calculus for the component (uz) w.r.t. (λy.x(yz))u →β x(uz).)

(Footnote to Example 6: g(b, b, a) → g(b, b, b) is inessential though the redex is a residual of an essential one.)

Lemma 4. If $D_e; D_{\bar e}$ is a factorisation of D, then $\mu(D) > \mu(D_e)$.

Proof. By enriching the proof of Lemma 3, remarking that the measure of an
inessential step is 0 and if $U_{\bar e}; U_e$ permutes into $V_e; V_{\bar e}$, then $\mu(U_e) = \mu(V_e)$. □



3.2 The Projection 



Our main proof technique is based on projecting a rewrite sequence to some
result over arbitrary rewrite steps, thereby (eventually) decreasing its measure.
The projection is the weakly orthogonal projection as defined in
combined with discarding inessential steps on the fly.

Definition 8. A set of results (see for ample motivation) is a
set of prefixes closed under (inverse) rewrite steps below it. Moreover for a prefix
sequence to a result with initial prefix O and final prefix P, if some step u overlaps
O, then u overlaps an ancestor of some essential step.



Lemma 5. Consider a prefix sequence to a result, with an initial term which is 
not a result, having prefix O. Then some redex is entirely in O. 



Let D be a simultaneous prefix sequence to a result, with initial prefix O and
final prefix P. Let e be a rewrite sequence coinitial with D of length m. The
projection of D over e is defined by lexicographic induction on the pair (μ(D), m).
By Lemma D factors as D_e; D_i. By closure of results under expansions, i.e.
inverse steps, below P, D_e is a simultaneous prefix sequence to a result, such that
μ(D) > μ(D_e) by Lemma 4. That is, for our induction it is harmless to assume
that simultaneous prefix sequences to a result are essential, so we assume it.

If e is empty the projection is just D. Suppose e = v; e_v. As in
cases are distinguished. In (T) the measure does not change, in (/) it decreases.






(T) If v does not overlap O, then the standard orthogonal projection
can be applied. More precisely, one can construct by repeated application
of FD a simultaneous prefix sequence D', and a rewrite sequence e', such
that D; e' and v; D' start and end in the same term, where e' consists of
steps below P. Hence D' is an (essential simultaneous prefix) sequence to
a result, by closure of results under rewriting below the prefix. Moreover,
μ(D) = Repeat the construction on D' and e_v.

(/) If v does overlap O, then by the definition of result it overlaps the ancestor
of some step in D, hence D is non-empty say D = U; D_u.
(⊥)’ If v does not overlap U, then applying FD yields simultaneous steps U'
and V such that U; V and v\ U' start and end in the same term and V 
overlaps the ancestor of P along Du- That is, V develops as u'; V^, for 
some v' overlapping the ancestor of P. Hence repeating the construction 
on these we are again in case (/), resulting in a sequence such that 
fi{Du) > Applying the construction once again on e„ and C/'; D'^ 

yields the desired D' such that D'jj) > 

(/)’ If v does overlap U, then U can be developed as u; U_u such that u
overlaps v. By weak orthogonality u and v result in the same term. By
FD μ(D) > μ(U_u; D_u), so the construction can be repeated on and
U_u; D_u yielding the desired D' such that μ(D) > μ(U_u; D_u) > μ(D').

4 Normalisation 

In this section Theorem 1 is proven and some of its corollaries are discussed.
First we define the concepts involved: strategy, outermost-fair and normalising.

Definition 9. A subrelation of an abstract rewrite system is called a strategy.
It is →-normalising if it is terminating and its normal forms coincide with those
of the abstract rewrite system →. A one-step/parallel term strategy for a term
rewrite system R is a restriction on the set of allowed ordinary/parallel steps.
Notions for abstract rewrite system strategies extend to notions for term
strategies via their underlying abstract rewrite system. A term strategy for a term
rewrite system R is normalising if it is →_R-normalising. It is outermost-fair if
it does not allow an infinite outermost redex chain.

Example 1. 1. The rewrite sequence f(a,a) → f(a,b) → f(a,a) → f(a,b) → ...
in the TRS {f(x,b) → f(x,a), a → b} is outermost-fair. Observe that the
leftmost a gives rise to an infinite chain. Although infinitely many redexes
in the chain are outermost, the chain itself is not outermost since infinitely
many redexes in it are non-outermost as well.

2. From the rewrite sequence f(a) → f(a) → ... in the TRS {f(x) → f(x), a → a},
it cannot be determined whether it is outermost-fair or not. One needs
to know which redexes are contracted; it is outermost-fair only if infinitely
often the first rule is applied.

Theorem 1. Outermost-fair strategies are normalising for weakly orthogonal 
term rewrite systems. 

Proof. To start, observe that the set of normal forms is a set of results. Closure 
under rewriting and expansion is trivial since the prefix is the whole term and 
there’s nothing below it. A redex which contributes to a normal form but has 
no overlap with any of the essential steps, would have a residual in the normal 
form which is impossible. Now suppose for a contradiction that for some term s 
it holds that: 

1. a(n essential) rewrite sequence D from s to normal form z exists, and 
2. an infinite outermost-fair rewrite sequence e from s exists.

Since e is infinite, it is of the form v; e_v for some rewrite step v and infinite
outermost-fair rewrite sequence e_v. Projecting D over v yields by the above a
rewrite sequence D' such that μ(D) > If we can prove that by repeated
projection the measure eventually strictly decreases, then we are done by
well-foundedness of the measure and the observation that only the empty sequence
has the minimal measure ().

Suppose to the contrary that from some moment on, the measure doesn’t
decrease anymore. Then the projection is orthogonal each time, and the prefix
O of the initial term remains the same by projection. By Lemma 5 O contains
some redex and since O is a prefix there’s also an outermost redex u at some
position o ∈ O. By outermost-fairness this step must be eliminated sometime
in e. This can happen in two ways.

(overlap) Some redex v overlapping with u is contracted, but then contracting 
u instead of v yields the same result by weak orthogonality and gives rise to 
case (/) in the projection, decreasing the measure. 

(above) Some redex u at a position p above u is created, but then p ^ o. By 
well-foundedness of the prefix order eventually case (overlap) applies. □ 

By doing some proof-hacking it is possible to e-relax the weak orthogonality 
requirement to left-linearity and biclosedness, where a term rewrite system is 
called biclosed if for every critical pair (s, t) both s rewrites to t and t rewrites 
to s in a number of steps. 



Corollary 1. 1. Parallel outermost strategies are normalising for weakly
orthogonal term rewrite systems.

2. Normalisation and termination coincide for non-erasing weakly orthogonal
term rewrite systems where a step s → t is non-erasing if every position
in s has a descendant in

3. The computable, history-free and sequential strategy Sy, is normalising
for weakly orthogonal TRSs.

4. Needed strategies are (hyper) normalising for orthogonal term rewrite
systems. A strategy is needed if the redexes it selects contribute to the
normal form, and hyper normalisation of a strategy S is normalisation of
any strategy which always eventually performs an S-step.

5. Every rewrite sequence in a term rewrite system can be transformed into
a standard one, where a rewrite sequence is standard if for any step in
the sequence, no step properly outside all its descendants is performed later.



Proof. 1. The parallel outermost strategy is outermost fair. 

^ Beware: u may be partially below O! E.g. in the sequence f(b,a) → f(b,b) →2 b in
the TRS {a → b, f(b,x) →1 x, f(x,b) →2 x}, the redex a is in the initial prefix, but
the outermost redex f(b,a) is only partially so (b is below the prefix!).

® For TRSs this definition of non-erasingness is equivalent to the standard one, requir- 
ing all variables in the left-hand side of a rule to occur in its right-hand side. 
2. Due to non-erasingness the ancestor of any rewrite sequence is always the
whole term. Hence (/) always applies in the proof of Theorem 1.

3. From Theorem 1 and Theorem 6.7].

4. An easy consequence of FD is that for orthogonal term rewrite systems,
whether a position contributes to its (unique if any) normal form does not
depend on the particular rewrite sequence to the normal form. Hence all
redexes in the ancestor of a rewrite sequence to normal form are needed and the
others are not. Moreover, from Lemma 5 we know that the ancestor of any
non-empty rewrite sequence contains some (needed) redex. Combining these
observations it is clear that case (/) must and can always be applied
(eventually, in the case of hyper normalisation) in the proof of Theorem 1 when
projecting over a sequence generated by a needed strategy (cf.

5. Take the component consisting of the whole final term of a rewrite sequence 
d and repeat the following until the first item fails. 

(a) Consider an outermost position in the component to which some step in 
the sequence contributes. 

(b) Select the first such step and take the component of its redex 

Call the origin in the initial term of the last step selected by this procedure
a first step of d. By the selection procedure any first step u is essential
and no step outside its descendants is performed in the sequence. By the
former property, projecting d over u results in a rewrite sequence e, such
that μ(d) > μ(e). By the latter property, u is not duplicated until contracted
hence d and e are permutation equivalent. By the decrease in measure
repeated selection/projection terminates. The resulting sequence of steps
(u . . .) is standard by the properties of the selection which are invariant
under permutation equivalence. □

The proof of Theorem H can be strengthened such that the weak orthog- 
onality requirement in the second item, can be relaxed, allowing critical pairs 
satisfying the CPC’ critical pair criterion of Definition 3.4.29], providing
an alternative proof of his result. We conjecture that left-linearity can be
dropped as well (see for the first-order case).

The third item already appears as Corollary 7.2] with the same
proof, i.e. based on Theorem 1 of the present paper which at that moment
was thought to have been proven by Van Raamsdonk. Unfortunately a
counterexample against the proof method was found, and at that moment the result




erties of contribution for its correctness and on our measure for its termination. 



5 Head-Normalisation 

In it was shown that for almost orthogonal TRSs outermost-fair
strategies are head-normalising (there called root-normalising). Unfortunately this
property fails for the slightly larger class of weakly orthogonal systems.

Counterexample 1. Consider the term f(g(a,a)) in the TRS:

a → b
f(g(a,x)) → f(g(b,x))
g(b,x) → g(x,x)

There is only one critical pair (f(g(b,x)), f(g(b,x))) (arising from overlap
between the first two rules). Since the critical pair is trivial, the TRS is weakly
orthogonal. Now on the one hand from f(g(a,a)) the head-normal form f(g(b,b))
can be reached, e.g. f(g(a,a)) → f(g(a,b)) → f(g(b,b)) by applying the first
rule twice. But on the other hand the infinite parallel outermost rewrite sequence
f(g(a,a)) → f(g(b,a)) → f(g(a,a)) → ... does not reach a head-normal form.



The counterexample shows that the head-normal forms do not constitute a 
set of results in the weakly orthogonal case (cf . ) . 
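
The behaviour claimed in Counterexample 1 can be checked mechanically. The following Python sketch is an added illustration, not part of the paper; it reads the three rules as a → b, f(g(a,x)) → f(g(b,x)), g(b,x) → g(x,x), and the term encoding and all function names are assumptions of the example.

```python
# Added illustration, not from the paper. Ground terms are nested tuples
# ("f", arg, ...); constants are 1-tuples; rule variables are plain strings.
A, B = ("a",), ("b",)

def f(t):
    return ("f", t)

def g(s, t):
    return ("g", s, t)

# Rules of Counterexample 1 (left-linear: no variable occurs twice in a lhs).
RULES = [
    (A, B),                          # a -> b
    (f(g(A, "x")), f(g(B, "x"))),    # f(g(a,x)) -> f(g(b,x))
    (g(B, "x"), g("x", "x")),        # g(b,x) -> g(x,x)
]

def match(pat, term, env):
    """Return env extended so that pat under env equals term, else None."""
    if isinstance(pat, str):         # rule variable: bind it
        return {**env, pat: term}
    if pat[0] != term[0] or len(pat) != len(term):
        return None
    for p, t in zip(pat[1:], term[1:]):
        env = match(p, t, env)
        if env is None:
            return None
    return env

def subst(t, env):
    """Instantiate the rule variables of t according to env."""
    if isinstance(t, str):
        return env[t]
    return (t[0],) + tuple(subst(s, env) for s in t[1:])

def contract(term):
    """Contractum of a redex at the root, or None if term is not a root redex.
    In this TRS at most one rule matches at a given root symbol."""
    for lhs, rhs in RULES:
        env = match(lhs, term, {})
        if env is not None:
            return subst(rhs, env)
    return None

def parallel_outermost(term):
    """Contract all outermost redexes simultaneously (identity on normal forms)."""
    c = contract(term)
    if c is not None:
        return c
    return (term[0],) + tuple(parallel_outermost(s) for s in term[1:])

def one_step_reducts(term):
    """All terms obtained by contracting exactly one redex anywhere in term."""
    out = set()
    c = contract(term)
    if c is not None:
        out.add(c)
    for i in range(1, len(term)):
        for r in one_step_reducts(term[i]):
            out.add(term[:i] + (r,) + term[i + 1:])
    return out

def reachable(term):
    """All reducts of term; finite for the terms used here."""
    seen, todo = {term}, [term]
    while todo:
        for r in one_step_reducts(todo.pop()):
            if r not in seen:
                seen.add(r)
                todo.append(r)
    return seen

def is_head_normal(term):
    """A term is head-normal if none of its reducts is a redex at the root."""
    return all(contract(t) is None for t in reachable(term))

def parallel_outermost_orbit(term):
    """Iterate the strategy until a term repeats; return the terms visited."""
    orbit = []
    while term not in orbit:
        orbit.append(term)
        term = parallel_outermost(term)
    return orbit

if __name__ == "__main__":
    start = f(g(A, A))
    orbit = parallel_outermost_orbit(start)
    print("parallel outermost cycle:", orbit)
    print("head-normal terms on the cycle:", [t for t in orbit if is_head_normal(t)])
    print("f(g(b,b)) reachable:", f(g(B, B)) in reachable(start))
    print("f(g(b,b)) head-normal:", is_head_normal(f(g(B, B))))
```

The strategy cycles through exactly the two terms of the infinite sequence in the counterexample, neither of which is head-normal, while f(g(b,b)) is reachable by other steps and is head-normal without being a normal form.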

Lemma 6 (coherence). ( Lemma 9.3.10], Lemma 5.3.2]) Let
s = C be an instance of a left-hand side l in an almost orthogonal term rewrite
system. Suppose s → t by a non-head step u. Then u does not overlap l.



Theorem 2. Outermost-fair strategies are head-normalising for almost orthog- 
onal term rewrite systems. 

Proof. To replay the proof of Theorem 1 it suffices to show that the set of
head-normal forms is a set of results. Closure under rewriting below the head 
is trivial. For a proof of closure under expansion, suppose that s —>g z and z is 
a result. If s were not in head-normal form it would rewrite by some non-head 
step to a head-redex C. By confluence and coherence, z and C would have a 
common reduct, via non-head steps, of the form P contradicting the assumption 
that z is in head-normal form. Like for normal forms, a redex contributing to a 
head-normal form but having no overlap with the essential steps, would have a 
residual overlapping at the head with the head-normal form. □ 



For the higher-order case this is a new result, although it is the obvious
combination of the results of and . Finally, we show that
outermost-fair/parallel outermost strategies are infinitary normalising, a result which is
usually proven via head-normalisation . We refer to that paper for a
precise definition; one can think of generating the (infinite) list of prime numbers.
Due to Counterexample 1 the proof via head-normalisation is blocked.



Theorem 3. Outermost-fair strategies are infinitary normalising for weakly or- 
thogonal term rewrite systems. 



Proof (sketch). Suppose d is an infinite rewrite sequence from a finite term s
to infinite normal form z. This implies that any finite prefix Q of z remains
‘untouched’ after a finite initial segment of d. Let q_1, q_2, ... be an enumeration
of all positions of z in breadth-first order. Applying factorisation with respect
to the successive prefixes yields a sequence D = D_1; D_2; ... from s to z such
that D_i is essential for q_i, for every i > 0. Define μ(d) = (μ(D_1), μ(D_2), ...), i.e.
the infinite sequence consisting of the measures of the essential subsequences.
We show that by projecting D over an outermost-fair sequence an ever growing
prefix of the measure will be filled by ()’s, establishing the result. Since s is
finite, initially the set of minimal positions which have measure different from ()
is finite, and ‘covers’ every infinite branch of z. Let q be the first one. Replaying
the proof of Theorem 1 we may assume that eventually a redex contributing to
q is contracted. This ‘decreases’ the measure of the sequence corresponding to q,
which entails that an ever growing prefix of the measure will consist of ()’s. □

The counterexample does not contradict infinite normalisation, since the term
f(g(b, b)) does not have a(n infinite) normal form.



As in , our proof is restricted to normalisation by strongly converging
sequences (leaving an ever growing prefix ‘untouched’). Consider the weakly
orthogonal TRS {h^i(a) → h^(i+1)(a) | i ≥ 0}. The infinite sequence a → h(a) →
h(h(a)) → ... is Cauchy-converging and its limit is the infinite normal form z =
h(h(h(...))). z may be reached by repeated application of the rule a → h(a),
but also by always applying the ‘largest’ possible rule. Call these sequences d
and e. d is strongly converging, but e is not since it is a head-sequence. (Both
notions of convergence coincide for finite TRSs.) Note that μ(e) is not
well-defined since the prefix of e consisting of steps contributing to the root is e
itself, so infinite. Hence, our proof (projecting e over d) doesn’t work if e is only
Cauchy-converging. Still, we conjecture that outermost-fair rewriting is infinitary
Cauchy-normalising for weakly orthogonal term rewrite systems.



6 Conclusion 

We believe that the contribution relation and our proof methods based upon 
it are fundamental for the syntactic study of (left-linear term) rewrite systems. 
For example, we expect the extraction procedure of to be amenable to
an analysis generalising the analysis of factorisation in this paper. Furthermore,
we hope to employ our methods to prove normalisation results for strategies in 
the realm of explicit substitution/proof normalisation. 
Abstract. This paper proposes a notion of reduction for the proof nets of Linear
Logic modulo an equivalence relation on the contraction links, that essentially
amounts to consider the contraction as an associative commutative binary
operator that can float freely in and out of proof net boxes. The need for such a system
comes, on one side, from the desire to make proof nets an even more parallel
syntax for Linear Logic, and on the other side from the application of proof nets
to λ-calculus with or without explicit substitutions, which needs a notion of
reduction more flexible than those present in the literature. The main result of the
paper is that this relaxed notion of rewriting is still strongly normalizing.

Keywords: Proof Nets. Linear Logic. Strong Normalization. 



1 Introduction 

In his seminal paper, Girard proposed proof nets as a parallel syntax for Linear
Logic, where uninteresting permutations in the order of application of logical rules
are de-sequentialised and collapsed. Nevertheless, in the presence of exponentials, that
are necessary to translate λ-terms into proof nets, the traditional presentation of proof
nets turns out to be inadequate: too many inessential details concerning the order of
application of independent structural rules (e.g., contraction) are still present.

When using proof nets to simulate λ-calculus, this redundancy already gets in the
way, so that it is necessary to consider an extended notion of reduction, or a special
version of proof nets with an n-ary structural link and a brute force normalization
procedure. But if one tries to simulate the behavior of explicit substitutions, then one is really
forced to consider contraction links as a sort of associative-commutative operator.

Looking carefully at these difficulties, one can see that what is really needed is an
extension of the notion of reduction on proof nets where the order of application of the
contraction rules, and the relative order of contraction rules and box formation rules is
abstracted away. This can be done by defining an equivalence relation over regular proof
nets that essentially amounts to consider the contraction as an associative-commutative
binary operator that can float freely in and out of proof net boxes, and define a notion
of reduction on the corresponding equivalence classes. Both λ-calculus and systems of
explicit substitution can be very easily simulated in such a system. Also, this system
allows to abstract away all the uninteresting permutations in the order of application of
structural rules, which are de-sequentialised and collapsed into the same equivalence
class. Yet, up to now, it was unknown whether such an extension would enjoy the same
good properties as proof nets, and first of all, strong normalization. The main result of
the paper is that this relaxed notion of rewriting is still strongly normalizing.

In the following, we shall first recall the traditional definition of proof nets and of
their reduction, as well as the systems proposed by Danos and Regnier to simulate
λ-calculus, and by Di Cosmo and Kesner to simulate a calculus with explicit
substitution. Then, we shall define our equivalence relation and prove our main theorem.

1.1 Linear Logic and Proof Nets 

Let us recall some classical notions from Linear Logic. We shall consider Multiplicative
Exponential Linear Logic (MELL) without constants, i.e., the fragment of Linear Logic
whose formulas are: F ::= a | F ⊗ F | F ⅋ F | !F | ?F, where a ranges over a
non-empty set of atoms that is the sum of two disjoint subsets P and corresponding
to the positive atoms p and to the negative atoms p^⊥ respectively. In particular, p^⊥ is
named the linear negation of p, and vice versa. Linear negation extends to every formula
A by means of the following De Morgan equations: (A ⊗ B)^⊥ = A^⊥ ⅋ B^⊥, (?A)^⊥ =
!A^⊥, A^⊥⊥ = A. The connectives ⊗ (tensor) and ⅋ (par) are the multiplicatives; the
connectives ! (of-course) and ? (why-not) are the exponentials. For the definition of the
sequent calculus of Linear Logic, we refer the reader to .

One of the advantages of MELL is the availability of a graph-like representation of 
proofs that is highly non-sequential, that is, which is often able to forget the order in 
which some rules are used in a sequent calculus derivation, when this order is irrelevant. 
This representation is known as Proof Nets. 

A (MELL) proof net is a finite (hyper)graph whose vertices are occurrences of 
MELL formulas (in the following, we shall often write ‘formula’ for ‘occurrence of 
formula’) and whose (hyper)edges, named links, correspond to connections between 
the active formulas of some rule of the sequent calculus of MELL. The formulas below 
a link are the conclusions of the link; the formulas above a link are its premises. 

Fig. 1 gives the inductive rules for the construction of proof nets. As usual Γ, ?Γ
and Δ stand for sets of formulas (in this case, sets of conclusions of the net above
them); in particular, ?Γ denotes a set of ?-formulas. The rule axiom is the base case: a
proof net formed of a unique link of type ax. The rules par, contraction, dereliction and
weakening add a new link of the corresponding type to a previously constructed proof
net. The rules tensor and cut add a new link and merge two (distinct) proof nets. Finally,
the promotion rule promotes a formula A to !A. In order to apply that rule, we need a
proof net M whose conclusions but A are of type ?. As a result, promotion encloses
M into a box whose conclusions are the promoted formula !A and a copy of each
?-conclusion of M. The conclusion !A is the principal port of the box; the conclusions in
?Γ are its auxiliary ports.

Fig. 1. Proof Nets.

Boxes force a strong constraint on the sequentialization of a proof net (i.e., on the
construction of a proof net by application of rules in Fig. 1): in any possible
sequentialization of a proof net that contains a box B, no rule corresponding to a link below
a conclusion of B can be applied before the complete sequentialization of B. However,
the notion of box is crucial for the definition of proof net cut-elimination. In fact,
because of the side condition on promotion (recall that all the auxiliary premises of a box
must be of type ?), we have to keep track of the context that allowed the promotion of
A (again, for a more detailed analysis, refer to ).

Remark 1. A proof net M is a (hyper)graph, so it does not contain any explicit
information on the ways in which it can be sequentialized (e.g., think at the strings of some
context free language; the strings do not contain any information on their derivations
in the context free grammar of the language). Therefore, let us assume to have a
(hyper)graph M formed of formulas and links; such (hyper)graphs are known as proof
structures. The problem ‘is the proof structure M a proof net?’ is clearly decidable, e.g.,
take the brute force approach that tries ordering links in all the possible ways. The so
called correctness criteria characterize proof nets with no explicit reference to the rules
in Fig. 1. For instance, the Danos-Regnier criterion states that M is a proof net when all
the switches of M are trees (a switch is a graph obtained by collapsing some boxes and
by removing some edges). For a detailed discussion of correctness criteria and of their
complexity, see

The rewriting rules in Fig. 2 define the cut-elimination procedure for proof nets. In fact,
each cut-elimination rule in Fig. 2 transforms a proof net into a proof net (see ). In
Fig. 2 a link between instances of the same set of formulas means that there is a link
between each pair/triple of corresponding formulas in those sets.

Definition 1 (PN). Proof Nets is the smallest set of (hyper)graphs closed by the rules
in Fig. 1. PN is the rewriting system defined on Proof Nets by the rules in

In the following, M ∈ PN will denote that M is a proof net. Moreover, since we shall
consider several variants of proof net reduction, this will also mean that M reduces
according to the rules of PN.

Theorem 1. PN is strongly normalizing and confluent ( Church-Rosser). As a conse- 
quence, PN has the unique normal form property. 
Fig. 2. Proof net cut-elimination.



Strong normalization (SN) was proved by Girard in |3] (Girard’s proof of SN uses the 
candidats de reductibilite\ a completely syntactical proof of SN can be found in Joinet’s 
thesis [§j)); the Church-Rosser property (CR) was proved by Danos in fH - 

Henceforth, let us write nf(N), for the normal form of N ∈ PN. More generally,
since all the reduction systems that we shall analyze will be derived from PN and will 
be named by sub/superscripted variants of PN, N G PNJ will denote that N reduces 
according to the rules of PNJj! and nf;J!(Af) will denote its normal form (if any). 

2 Survey and Our Proposal 

2.1 Simulating the λ-Calculus: Collapsed Structural Links

When simulating the β-reduction of λ-calculus in PN, the rigidity of the exponential
links makes things difficult; the net translation of a term t does not always reduce exactly
to the translation of the reduct term s, due to the different shape of the contraction trees
in the translation. This is quite annoying, to the point that the first really satisfactory
proof of simulation can be found in , where Danos and Regnier introduce a system
where all exponential links are collapsed into one single n-ary link.

Usual proof nets are mapped into those proposed in by a transformation p that
pushes contraction and dereliction out of all boxes and contracts them together. Fig. 3
describes p by applying it to an example; see the mapping on the left. The root of the
exponential tree in the example is not the premise of a contraction and is not above the
auxiliary port of a box. The collapsed link of type ? that replaces the tree preserves the
branches of the tree and the number of boxes that they cross. Every weakening link is
replaced by a new link of type x that introduces a special (crossed) occurrence of the
formula A. Every formula A^ marks a weakening branch of the ?-link. A ?-weakening
tree is a ?-link connected to weakening branches only; it is the translation of an
exponential tree whose leaves are all weakening links. A ?-weakening is a ?-weakening tree
formed of one weakening branch only; it corresponds to the translation of an
exponential tree formed of a weakening link only (e.g., see the mapping on the right in Fig. 3).
The introduction of the weakening branches is due to technical reasons; the rationale is
that we want to keep track of all the erasing rules required by the reduction. The x-link
is not present in , where weakening branches are simply erased.





Fig. 3. Collapsing an exponential tree into a ?-link. 



Definition 2 (PNc). Let PNc be the set of the proof nets where contractions and
exponential crossings at the auxiliary doors of boxes collapse into a unique n-ary link of type
?, and all the exponential reductions but erasing are collapsed into a unique
exponential reduction step that performs unboxing, duplication and box inclusion, as shown by
the example in Fig. 4.

Fig. 4. The exponential rule of PNc.



The exponential rule of PNc introduces a ?-weakening cut for every weakening branch
of the ?-link in the redex. In order to erase the corresponding boxes, those cuts must be
explicitly eliminated by means of an erasing rule. The erasing rule of PNc is the obvious
translation of the erasing rule of PN: on the left-hand side, replace the weakening link
by a ?-weakening and the auxiliary port crossings by ?-link branches; on the right-hand
side, transform each branch into a weakening branch by putting a x-link above its leaf.
When the ?-link in the redex is a ?-weakening tree with n branches, the exponential rule
degenerates into a weakening duplication that creates n copies of the box in the redex
and splits the cut into n ?-weakening cuts. In particular, when the tree is a ?-weakening
(i.e., n = 1), the left-hand side and right-hand side would coincide; therefore, in order
to not introduce trivial reduction loops, the exponential rule does not apply to a
?-weakening cut; the only rule that applies to those cuts is erasing. In , the absence of
weakening branches corresponds to an exponential rule in which the ?-weakening cuts
introduced by our version of the rule are automatically eliminated.

Remark 2 (No exponential axioms). The transformation p is not defined for the proof
nets that contain exponential axioms (i.e., !A, ?A^⊥ axioms). From the point of view of
provability, this is not a problem, for it is well-known that each proof net can be
η-expanded into another one with the same conclusions that contains atomic axioms only
(i.e., p, p^⊥ axioms only). But, for a detailed analysis of proof net reduction and of its
relations with λ-calculus, that unrestricted η-expansion is unacceptable. Therefore, let
us constrain η-expansion to exponential axioms. Namely, the η_e-expansion replaces
each !A, ?A^⊥ axiom with a box containing the axiom A, A^⊥ and a dereliction link from
A^⊥ to ?A^⊥. Every reduction of M ∈ PN is simulated by a reduction of its η_e-expansion,
and similarly for M ∈ PNc. Therefore and w.l.o.g., in the following, we shall restrict
PN to the case without exponential axioms. In this way, p : PN → PNc is total.

Proposition 1. Let M G PN. For every r : p{M) P, there is a non-empty p : M — N 
s.t. P = p(N). Therefore, PNc is SN and CR, and nfc(/v(M)) = /i(nf(M)). 

The obvious limitation of this approach is that its reduction is too coarse grained: it
really performs in one single step all the duplication, erasure and unboxing operations
involved in a β-reduction step for the λ-calculus. For this reason, if one wants to study
finer reductions on the λ-terms, like the ones involved in handling explicit substitutions,
this system turns out to be inadequate: it throws out the baby with the bath water.



2.2 Simulating Explicit Substitutions: Fusion and Splitting of Contraction Links 

In , the limitations of both PN and PNc are recognised, and another system is
proposed, where it is possible to fuse two n-ary contraction links together (see the fusion
rule in Fig. 5) and where the irrelevance of the order of contraction and box formation
is taken into account via a reduction rule that allows to push some contractions inside a
box (see the push rule in Fig. 5).

This approach is less coarse grained, and it was the first solution for interpreting
explicit substitutions in PN, but it still suffers from a certain rigidity of the extended
reductions, that makes the translation from λ-calculus with explicit substitutions into
PN cumbersome (while the propagation of the substitutions is faithfully mirrored, the
translation of a cut forces all the duplications to be performed at once).

Fig. 5. Fusion and push.



2.3 Our Approach: Rewriting Modulo an Equivalence Relation 

If one looks carefully at the previous approaches, one really finds out that they are both 
trying to handle contraction links as associative-commutative operators freely floating 
in and out of boxes: Danos and Regnier work on a representative of the AC (associative- 
commutative) equivalence class which is obtained by collapsing all the trees of expo- 
nential links and pushing them outside of all boxes; Di Cosmo and Kesner allow a finer 
control on how to collapse and push in or out of boxes the contraction links. 

The limitations of the previous approaches clearly point out the need of a more
flexible system, which accepts explicitly the associative-commutative nature of the
contraction operator, allowing a finer control of duplication and propagation of substitutions in
the nets. For this reason, we introduce an equivalence relation ~ on Proof Nets and
define reduction on the corresponding equivalence classes.

Definition 3 (PNac). The equivalence relation ~, named AC, is the context closure of
the graph equivalences in Fig. 6. We extend the reduction of PN to the equivalence
classes of Proof Nets as M → N iff ∃M', N' : M ~ M' → N' ~ N. We shall write PNac
for Proof Nets equipped with this new reduction.

Fig. 6. AC congruence.

That extension of PN preserves the normal forms, as shown by the next proposition,
which proves indeed that PNac is a fine analysis of PNc.

Proposition 2. For every M, N ∈ PNac, M ~ N iff μ(M) = μ(N). Then, let M N. 

1. There are μ(M) P and μ(N) -^* P. 

2. nfc(μ(M)) = nfc(μ(N)) and nf(M) ~ nf(N). 
3 Main Results 

The main result of the paper is that PNac is strongly normalizing and has the unique 
normal form property (modulo AC). 

Theorem 2. Let M ∈ PNc. 

1. Let M N with N cut-free. Then N ~ nf(M). 

2. Every reduction of M is finite. 

The first item is a trivial consequence of PropositionJ(a particular case of it). The 
proof of strong normalization is by reduction to termination of PNc. 

3.1 Overview of the Proof Technique 

The key point in relating PNac to PNc is the study of the so-called persistent paths, 
an invariant introduced by Geometry of Interaction. Persistent paths capture the intu- 
itive idea that every connection (path) between the nodes of a reduct At of M is the 
deformation of some connection (path) between the nodes of M (see Q). In fact, along 
the reduction of M certain connections are broken {e.g., take the path between A and 
in the multiplicative rule), while others persist, in particular, the paths that persist 
after every reduction yield the normal form. Geometry of Interaction is an algebraic 
formulation of the previous notion of path deformation, even if the idea ‘reduction as 
path composition’ was already implicit in Levy labelled λ-calculus. For a survey on the 
relations between persistent paths, Levy’s labels and Geometry of Interaction regular 
paths see . 

Persistent paths will be defined and studied in section^ There, we shall assign a 
norm to every M ∈ PNac in terms of the persistent paths of μ(M) (actually, in terms 
of the persistent paths that do not collapse). That norm is decreased by the reductions 
of PNac with a correspondence in PNc, while it is left unchanged by duplication and 
commutative conversion. In section^ we shall analyze the transformations that sim- 
ulate duplication and commutative conversion in PNc. That analysis will lead us to 
define a second norm (section^^ that is decreased by every one-step reduction. 

Unfortunately, the previous proof schema does not work if directly applied to PNc 
and PNac- In fact, in order to fully exploit it, we must tackle two technical difficulties. 

The first problem is connected with duplication: we need a way to count the number 
of box duplications in a reduction. For that purpose, instead of resorting to some mea- 
sure defined on the whole reduction, we exploit the presence of weakening. Namely, 
using weakening, we define a proof structure T'^, a tick (see section^3, that reduces 
to the empty net and s.t. the proof structure M'^ obtained by inserting a tick into each 
box of M is a proof net. Since each box duplication duplicates a tick, the number of 
boxes duplicated in a reduction is equal to the number of new ticks in the result. 

The second problem is that ticks might disappear along the reduction because of an 
erasing rule. Thus, in order to preserve our counting device, we have to delay garbage 
collection until the end of the computation (indeed, this approach simplifies other tech- 
nical parts also). Namely, let us denote by M -^* N a reduction that does not contain 

erasing rules and by PN^™ the restriction of PNac to that non-erasing reduction. 
Lemma 1. For every M £ PNac> ^ then M P N. Therefore, PN^c w 

terminating iffP^2c terminating. 

Henceforth, we shall restrict to the study of PN^™ and of the corresponding system 
PN^l™, i.e., PNc restricted to the non-erasing reduction That analysis will conclude 

with the proof of strong normalization of PN^™ (Lemma^J that, by Lemma^ proves 
the strong normalization of PNac as well. 



4 Paths in 

A path in a proof net M is an undirected path in the graph of M that, crossing any 
link but axiom and cut, moves from a premise to the conclusion of the link and that, 
crossing an axiom/cut, moves from one conclusion/premise of the axiom/cut to the 
other conclusion/premise. 

Let M be a proof net. We shall denote by Φ(M) the set of its paths and we shall 
write ψ ⊆ φ to denote that ψ is a subpath of φ. Remarkably, when M is in normal form, 
Φ(M) is finite and is the set of the elementary paths of M (a path is elementary when 
it does not cross any cut); instead, when M contains cuts, the paths of M may loop and 
Φ(M) may be infinite. 



4.1 Persistent and Permanent Paths 

After a reduction step, paths deform or even vanish, so there is a natural notion of 
residual of a path along a proof net reduction: as in [^, this notion can be captured 
by associating to every r : M N, a function r : 0(N) <I>(M) that maps a path of 

N to its ancestor in M. The notion of residual extends to a reduction p = ror\ . . . r/^ hy 
function composition, i.e., p = rfi • rf - . . . • 7>. 

We remark that ρ is total; that is, for ρ : M N, every path φ ∈ Φ(N) is the 
deformation of some path in M. Moreover, every deformed path φ results from the 
contraction to a node of some subpath of ρ(φ); therefore, either φ is essentially the 
same as ρ(φ), or |φ| < |ρ(φ)|. However, ρ is not onto. In fact, a path of M disappears in 
the following cases: 

1 . The path contracts to a connection between the premises of a cut that is then reduced 
along p (e.g., the path between A’S’B and (g) in Fig-O- 

2. The execution of a multiplicative or exponential cut disconnects the path. For in- 
stance, take the dashed path in the right-hand side of Fig.J 

The two cases above correspond to two completely different phenomena. In the first 
case, the path disappears enclosed into a longer path that eventually contracts to a for- 
mula. In the second case, the reduction splits the path. Thus, in the first case, we can say 
that the path persists along the reduction, as a trace of it is still present in the resulting 
proof net; in the second case, the path has no image in the result. 
Fig. 7. Paths. 



Definition 4 (persistent paths). Let ρ : M -^* N. A path φ ∈ Φ(M) is ρ-persistent 
when there is ψ ∈ Φ(N) s.t. φ ⊆ ρ(ψ). The ρ-persistent path φ is said ρ-permanent 
when φ = ρ(ψ) for some ψ ∈ Φ(N). A path of M is persistent, or permanent, when it is 
ρ-persistent, or ρ-permanent, for every reduction ρ of M. 

Henceforth, 'V{M) will denote the set of the permanent paths of M and ^c(M) will 
denote the set of its persistent paths. By definition, ^c(M) is a superset of the closure 
by subpaths of ^(M); further, we shall prove that ^c(M) is that closure, see LemmaJ 

Lemma 2. Let M G PN(^™. Every occurrence of formula in M is persistent. 

Therefore, the set of the persistent paths is not empty. Indeed, it is readily seen that 
every path corresponding to a redex (i.e., every cut pair A, A^) is persistent. Moreover, 
every virtual redex, i.e., every path that along some reduction will eventually reduce to 
a cut pair, is persistent, see Q and Q. 

4.2 Folding and Unfolding of Permanent Paths 

The permanent paths of a proof net M are the connections of M that are invariant under 
any reduction. So we expect that T'(M) be an image of nf(l'"(M); that is, we expect 
T'(M) = p(0(nf(l'"(M))), for any normalizing reduction p. However, that equivalence is 
not immediate. In fact, though has the unique normal form property, two distinct 
reductions might build the same path of nf(l'"(M) by combining different paths of M. 

Lemma 3. Let M G PN^™. For every r\ : M M\ and r 2 : M M\, there exist 
Pi : Ml -^* N and p 2 : M 2 N, s.t. TqpT = T^. 

Proposition 3. Let N — nf(l'"(M). There is a canonical map foldnf : 0{N) <I>(M) s.t. 

foldM = p,/or every p : M N. Moreover, ‘P(M) = foldM(d>(A'^))- 

The previous proposition proves the soundness of the definition of permanent paths. 
Moreover, let p : M -^* N; it proves that the restriction of p to permanent paths is 

an onto map p : ‘P(A^) T'(M) (this is a consequence of T'(M) = foldM(d>(P)) = 

p • foldAi(0(P)), where P = nf(l'"(M) = nf(l'"(A/^)). We stress that p(T'(A^)) = T'(M) is 
not a trivial consequence of the definition of permanent paths, as that definition trivially 
implies p(T'(Af)) D 'P(M) only. Finally, as a corollary of Proposition^ we get that 
every persistent path can be prolongated to a permanent path. 
Lemma 4. For every φ ∈ ^c(M), there is ψ ∈ ^(M) s.t. φ ⊆ ψ. 

The unfolding of φ ∈ Φ(M) is the set of its residuals in the normal form, i.e., 
unfoldM(φ) = {ψ ∈ Φ(nfc'"(M)) | foldM(ψ) = φ} = foldM⁻¹(φ) 

The cardinality of a path is the cardinality of its unfolding, i.e., 

#(φ) = |unfoldM(φ)| 

By definition, #(φ) > 0 iff φ ∈ T'(M). Thus, Σ{#(φ) | φ ∈ Φ(M)} = Σ{#(φ) | φ ∈ 
T'(M)} = |Φ(nf(l'"(M)|; that is another way to express the combinatorial fact that no 
finite reduction creates an infinite number of residuals (i.e., #(φ) is always finite). 

4.3 The Norm of PNc™ 

In the reduction of we have two distinct phenomena. On one side, exponential 

reductions tend to unfold permanent paths, increasing their number; on the other side, 
every reduction reduces the length of some permanent path. The previous considerations 
summarize in the following lemma (as usual, |φ| denotes the length of the path φ, while 
ρ⁻¹(φ) = {ψ | ρ(ψ) = φ}). 

Lemma 5. Let p : M N. For every (|) G T'(M), 

1. #(^) = x{#(iit)l¥Gp->)}; 

2 . |(|)| ^ |\|/|,/oreve/7 ¥G p '(c|)). 

3. Moreover, ifp is not empty and is not a sequence of weakening duplications, then 
1^1 > \^\ for some (|) G T'(M). 

Let us equip PN^™ with the following norm: 

l|M||^ = 'Zim) • 1^1 I ^ G 0(M)} = • 1^1 I ^ G T'(M)} 

We remark that, since T'(M) is finite, ||M||^ is well-defined (i.e., it is finite). 

Lemma 6. For every p : M -^* N, ||N||^ ^ ||M||^. Moreover, when p is not empty and 

is not a sequence of weakening duplications, ||N||^ < ||ilf||c- 

5 Relating to 

The grain of the reduction in PN)(™ is finer than in PN^™. In particular, the commutative 
conversion and the duplication rule have no correspondence in PN(^™; moreover, in 
PN)(™ we reduce modulo AC. For the part of PN)(™ with a direct correspondence in 
PNc the situation is clear: since M ^ N implies p{M) p{N), this part of the system 
is strongly normalizing and 

\\M\\lc=MM)fc forMGPN^^ 

seems the natural candidate for expressing that property. For the remaining part of 
PN^™, let us analyze each rule separately. 
5.1 Commutative Conversion 

When r : M →com N, μ(N) and μ(M) are equal but for some boxes of μ(M) that have 
been moved inside some other box of see Fig. J 




Fig. 8. Commutative conversion in PNc. 



Lemma 7. Let r : M ^com N. 

1 . nfa™(/r(M)) = nfa™(p(iV)),- 

2. fold^(M) = fold^(A,) and'V{^I{M)) = 'V{n{N)); 

3 - l|M||tc=ll^lllc- 

Therefore, the commutative conversion induced on PNc preserves normal forms and 
persistent paths. Moreover, though it does not decrease the norm on paths, it is readily 
seen that we cannot have an infinite sequence of commutative conversions. 

Definition 5 (depth). The depth of an !-link, and then of the corresponding box, is the 
number of boxes that encapsulate it. The depth ∂(M) of a proof net M is the sum of the 
depths of its !-links. 

Let n^!(M) be the number of !-links in M. We define 

‖M‖^! = n^!(M)² − ∂(M) 

Lemma 8. For any M ∈ PN^™: 

1. ‖M‖^! ≥ 0. 

2. If r : M N, then ‖N‖^! < ‖M‖^!. 

5.2 Duplication 

This is the trickiest case. Fig.^illustrates by means of an example the transformation 
hr : p{M) ^dup A'(^) corresponding to r : M -^dup N. In that example, we assume that 
the contraction c in the redex r join two exponential subtrees whose leaves are A! and 
A" ,A'" , respectively; that two sets of leaves are the premises of the two new instances 
of c in p{N). As every rule in PNc, 5,- defines a map 5^ : 0(/i(Af)) ^ 0(p(M)). 
Fig. 9. Duplication in PNc. 



Lemma 9. Let r : M ^dup N. 

2. fold^(M) = 5r • and'V{^{M)) = 5r(^(/t(A^))); 

l|M||tc= Halite- 

5.3 Ticked Proof Nets 

Usually, the proof that duplication is terminating exploits the fact that, in a sequence 
of duplications, no box is duplicated twice by the same contraction link — this is the 
intuitive idea; formally, we should reason in terms of residuals. However, since we 
assume to know that PN(7™ is strongly normalizing, we can resort to a technical trick. 

Duplication does not decrease the length of any permanent path. So, in order to 
prove that it is terminating, we need a measure of the unfolding that it causes. The re- 
mark that duplication tends to increase the number of persistent paths seems unfruitful: 
unfortunately, there are M ^dup N for which | T' {fj{M) ) | = | ) | . For instance, the 

proof net M in Fig.^]reduces to an axiom; so the path (|) drawn in the figure is the only 
non-empty permanent path of M. The path (|) contains two occurrences of the path \|/ 
(rooted at that loops inside the box, i.e., (|) = (|)o\l/(l)itl/(l) 2 . After M -^com N, 

the residual of (|) is (|)' = (|)q\|/(|)[\|/'(|) 2 , where \|/ and \|/' are residuals of \|/ that loop inside 
two distinct boxes of N. In other words, instead of duplicating some permanent path, 
the duplication in M unfolds the loop described by the unique permanent path in the 
proof net. The situation would be different if the box B in M would contain a permanent 
path: that path would be duplicated by the duplication of B. 




Fig. 10. Unfolding the loop of a permanent path. 
Let p be any atomic formula. A tick of PNc is a proof structure 7’'^ as that in 
Fig.^J and p{T'^) is a tick of PNac- A tick is not a proof net but, for every N G PNc, 
the proof structure M = U obtained by attaching the tick T'^ to 7/ is a proof 
net (i.e., M G PNc); moreover, M N, by contraction of the weakening cut in T'^ . 
Therefore, let N be the interior of the most external box of some proof net; by replacing 
M for N, we get a ticked box B G PNc- Then, by recursive application of this ticking 
procedure to the boxes in B, we eventually get a proof net whose boxes are all ticked. 







Fig. 11. A tick. 



Definition 6 (PN^). A box contains (at least) a tick when its interior is a proof net 
5U and T'^ is a tick. A proof net of PN^c is ticked when each of its boxes contains 
a tick. Let us denote by PN^c the set of the ticked proof nets of PN^c. We say that 
M'^ ∈ PN^c is a ticking of M ∈ PNac when M can be obtained from M'^ by erasing 
some of its ticks. 

The set of the ticked proof nets PN^c is closed by reduction, i.e., for any M'^ ∈ PN^c 
and any ρ : M'^ N'^, N'^ ∈ PN^. In the following, M'^ will always denote some 
ticking of M ∈ PNc (by the way, there exists at least one M'^ for every M). By definition, 
M, for any M'^. 

Lemma 10. The ^-reduction ofM G PN^c is terminating iff the -^-reduction of any 
is terminating. 

By Lemma^J strong normalization of PNac reduces to that of PN^c- Moreover, as the 
ticks of are permanent, duplication is not a problem in PN^c- In fact, let n'^ (M) be 
the number of ticks in M. For any M G PN^™ > we define 

\\M\\ic=HM)\\^ where ||P||^ = n'"(nfa™(P)) - n'" (P) forPePNc™ 

Lemma 11. For any G PN/c- 

1 . IlM'^llXc^O. 

2. If r : M'^ ^ N'^ , then ^ II-^'^IIaC’' tnoreover, ||Af'^||_^ < 11^7'^ IIac w/ien r 

is a duplication. 
5.4 The Norm of PN/(- 
Let M G PN^C’ 

(WAc = (M^c+M^c>IM’) 

with the lexicographic ordering, i.e., =4 is the reflexive closure of (ai , b\) -< (02, ^2, ) iff 
(ai < 02) or (ai = 02 A hi < b2)- By definition, ( 0 , 0 ) ^ 

We remark that, for any M,N £ PN)(™, M ^ N implies = ((N))^(2- 

Lemma 12. Let M'^ G PN/c- every r : ^ N'^ , ^ 

Lemma 13. PN)(™ is strongly normalizing. 

6 Conclusions and Future Work 

We have presented here for the first time a proof of strong normalization for Multiplica- 
tive Exponential Linear Logic’s Proof Nets with an associative-commutative contrac- 
tion free to float in and out of proof boxes. This is interesting for several reasons. 

First, this is another significative application of the normalization by persistent 
paths slogan which can be found in Girard’s Geometry of Interaction. But also, now 
that we know that we can rearrange contraction trees as we like during a reduction of 
a proof net, and still have the strong normalization property, we can go back to analyse 
how the classical p-reduction of the lambda calculus, or the more refined reductions of 
calculi with explicit substitutions are simulated in our system. We expect not only to 
be able to provide a much simpler simulation than the ones in the literature, but also to 
extract from PNac a calculus of explicit substitutions with good properties. 
Abstract. A context-free grammar specifies a set of words, and for each 
of these words one or more derivation trees. Such a tree represents the 
(or a) hierarchical structure of the corresponding word and is the input 
of algorithms like those used in a compiler. 

Context-free graph grammars have been defined and studied which gen- 
erate sets of finite graphs (and hypergraphs). The generated objects also 
have derivation trees which are useful for example as input to drawing 
algorithms. Furthermore, many NP-complete graph properties can be 
decided in linear time for graphs generated by such grammars, and given 
by the derivation trees. This is the case in particular for properties ex- 
pressible in Monadic Second-order logic, via a suitable representation of 
graphs by relational structures. A Monadic Second-order formula repre- 
senting such a property can be compiled into a deterministic finite-state 
tree automaton that verifies the property by traversing the derivation 
tree. 

There are other connections between context-free graph grammars and 
Monadic Second-order logic. In particular, every context-free set of graphs 
is the image of the set of finite binary trees under a transformation of 
trees into graphs expressible in Monadic Second-order logic. (Similarly 
context-free languages are the images under rational transductions of 
certain languages encoding trees). In certain cases the parsing mapping, 
i.e. the transformation of the graph into one of its derivation trees, is 
expressible in Monadic Second-order logic. 

However, (but not surprisingly by the algorithmic results recalled above) 
context-free graph grammars suffer a severe limitation: no single gram- 
mar can generate the set of all finite graphs, or even the set of all finite 
planar graphs. 

We know from graph theory that graphs have certain canonical hierar- 
chical decompositions. One of them is the decomposition of a graph into 
a forest over its 3-connected components, another one is the modular 
decomposition. These two hierarchical decompositions are based respectively 
on graph gluing operations and substitutions of graphs for vertices, 
which fit within the framework of context-free graph grammars. But since 
the basic blocks are not finite, they cannot be handled by context-free 
graph grammars since these grammars must have finitely many produc- 
tion rules. 

We are interested in situations where such hierarchical graph decompositions 
can be defined in Monadic Second-order logic. (In some sense, we 
aim at replacing grammars by logic.) This is the case for the decomposition 
in 3-connected blocks, and also for the modular decomposition under the 
additional assumption that the graph is given with some linear order of 
its set of vertices. (Any two linear orders yield the same decomposition 
since modular decomposition is unique; we do not know how to do the 
construction without an auxiliary linear order.) 

After reviewing these known results, we will present the new notion of 
modular decomposition for finite undirected hypergraphs of unbounded 
rank (we call rank the maximal size of a hyperedge). Such hypergraphs 
can be handled as bipartite graphs, but their modular decompositions 
are not the ones for graphs via this representation. The trees represent- 
ing them can be defined in Monadic Second-order logic without needing 
any auxiliary ordering. 

A hypergraph is convex if there exists a linear order on the vertices such 
that all hyperedges are intervals. If it is prime (i.e., is a basic component 
of the modular decomposition), then only two linear orders witness 
its convexity (one and its opposite). They can be defined by Monadic 
Second-order formulas. 

We deduce from this construction that if a set of finite convex hypergraphs 
has a decidable Monadic Second-order theory then, considered as 
a set of bipartite graphs, it is a subset of a context-free set. This provides 
us with a new case of validity of a conjecture made by Seese that 
structures having a decidable Monadic Second-order theory are definable 
from trees by Monadic Second-order formulas. 

For a survey on Monadic Second-order logic, see: 

B. Courcelle, The expression of graph properties and graph transformations 
in monadic second-order logic, Chapter 5 of the Handbook of 
graph grammars and computing by graph transformations, Vol. 1: Foundations, 
G. Rozenberg ed., World Scientific, 1997, pp. 313-400. 

For other references, see: 
Abstract. We show that the $\exists^*\forall^*$ part of the equational theory modulo 
an AC symbol is undecidable. This solves the open problem 25 from the 
RTA list 



1 Introduction 

Formulae built of terms and the equality predicate are one of the most natural 
objects in rewriting. One of the most natural ways of modeling the semantic 
behavior of real objects is considering additional equality axioms between 
terms. The most natural set of equality axioms is AC, which means the 
associativity axiom: $f(x, f(y, z)) = f(f(x, y), z)$ and the commutativity axiom: 
$f(x, y) = f(y, x)$. Validity of an equational formula modulo an AC symbol is in general 
an undecidable problem. This paper is not the first attempt to demarcate 
the decidability/undecidability border, that is, to find out what are the classes 
of the "simple" formulas, for which there exists an algorithm deciding validity. 

We consider a finite signature S of function symbols, containing also some 
AC symbols. We also assume that there is at least one constant in the signature, 
so the set of ground terms over S is not empty. Then we consider the first order 
equational theory of the ground terms algebra over S : the only relational symbol 
of the theory is the equality, the function symbols are the symbols in S, and the 
variables range over the set of ground terms. 

The measure of the complexity of a formula is the number of alternations 
of quantifiers in the prenex form. On the undecidability side of the border it 
was proved in BQ and BQ that the $\Sigma_3$ part of the theory is undecidable (this 
part contains the formulae whose quantifier prefix is of the form $\exists^*\forall^*\exists^*$). On 
the decidability side, it is known that the $\Sigma_1$ part (existential formulas) is decidable 
[C93]. Also several papers (including and ^^9) were written 
about the decidability of some special cases of so called AC complement problem, 
which itself is a special case of the $\Sigma_2$ part of the theory. Decidability of 
the whole $\Sigma_2$ part was stated as an open problem in ^^9 and then on the RTA 
list of open problems (| I). In this paper we present the 
negative solution of the problem. 

The rest of the paper is organized as follows: in Section 2 we prove undecidability 
of the existential-universal ($\Sigma_2$) part of the theory of an AC idempotent 
symbol: we assume there is a function symbol in the signature which is not only 
commutative and associative but also idempotent, which means that it satisfies 
the axiom $f(x, x) = x$. In Section 3 we present our main result: undecidability 
of the $\exists^*\forall^*$ theory of an AC symbol. In Section 3 we prove the result of Section 
2 for the smallest possible signature. Finally, in Section 4 we show that the main 
result holds also if infinite terms are allowed. 



2 Theory of One Idempotent AC Symbol 

Let us start from a very simple case of the equational theory of an idempotent 
AC symbol. In and Treinen shows that the $\exists^*\forall^*\exists^*$ part of the 
theory is undecidable. We would like to begin this technical part showing the 
undecidability of the $\exists^*\forall^*$ part of the theory. It will be a good introduction to 
the methods used in the following sections. 

Let $\Pi = \{\langle l_1, r_1\rangle, \langle l_2, r_2\rangle, \ldots, \langle l_k, r_k\rangle\}$ be an instance of the Post 
Correspondence Problem. This means that each $l_i$ and $r_i$ is a nonempty word over 
some finite alphabet (we assume it is $\{a, b\}$). Let us recall that a nonempty 
word $w = j_1 j_2 \ldots j_m$ over the alphabet $\{1, 2, \ldots, k\}$ is called a solution of $\Pi$ if 
$l_{j_1} \ldots l_{j_m} = r_{j_1} \ldots r_{j_m}$, and that the existence of a solution is an undecidable 
property of $\Pi$. 

We consider the signature consisting of the binary AC symbol $+$, two unary 
function symbols $a$ and $b$, and the function symbol $h$ of arity 2. The only constant 
is $c$. 

The words $l_i$, $r_i$ can be naturally understood as unary contexts built over the 
signature $\{a, b\}$: for example the word $abb$ means for us the same as the context 
a(b(b(A))). 

Let us define: 

$$
\begin{aligned}
\chi_1(x) ={}& \forall w, w_1, w_2 \\
& \big(h(w_1, w_2) + w = x \wedge (w_1 \neq w_2 \vee w_1 = w_2 = c)\big) \Rightarrow \\
& [\, h(l_1(w_1), r_1(w_2)) + w + h(w_1, w_2) = x \;\vee \\
& \;\; h(l_2(w_1), r_2(w_2)) + w + h(w_1, w_2) = x \;\vee \\
& \;\; \ldots \vee h(l_k(w_1), r_k(w_2)) + w + h(w_1, w_2) = x \,]
\end{aligned}
$$

$$\chi_2(x) = \exists s \;\; h(c, c) + s = x$$

And 

$$\chi = \exists x \;\; \chi_1(x) \wedge \chi_2(x)$$

Obviously $\chi$ is an $\exists^*\forall^*$ formula. 

Theorem 1. 1. Formula $\chi$ is valid if and only if $\Pi$ is solvable. 

2. The $\exists^*\forall^*$ part of the equational theory modulo an idempotent AC symbol is 
undecidable. 

Of course (ii) follows from (i). The proof of (i) is left for the reader as an 
easy exercise. Let us however explain the meaning of the formulas above. The 
existentially quantified variable $x$ is understood as a "set". Formula $\chi_2$ says 
that the pair $\varepsilon, \varepsilon$ of words, encoded as $h(c, c)$, is "in $x$". This happens to be 
the "first pair of the solution of the PCP instance $\Pi$" but what is important 
here is that this pair is the initialization of some process, whose termination 
is undecidable. Formula $\chi_1(x)$ says that if $h(w_1, w_2)$ is in $x$ then one of the 
possible next configurations of the process is also in $x$ (unless $h(w_1, w_2)$ encodes 
the final configuration of the process). Since we consider first order terms, the set 
represented by $x$ is finite. So it can only exist if the process terminates (similar 
proof can be given also if we accept infinite terms, see Section ^ for details). 
The technical problem is how to say "is in $x$" by a universal formula. To express 
the fact that $y \in x$ we need a "witness" $w$, such that $w + y = x$. But using 
such a witness may lead to a $\exists^*\forall^*\exists^*$ formula: There exists such an $x$ that the 
initial configuration is in $x$ and for every configuration $y$ and every witness $w$ 
if $y + w = x$, which means if $y$ is in $x$, then there exists a witness $v$ such that 
$v + u_1 = x$ or $v + u_2 = x$ or ... $v + u_k = x$, where $u_1, u_2, \ldots, u_k$ are possible 
configurations reachable from $y$ in one step. In this section we could go around 
this difficulty by reusing the witness. Thanks to the idempotency $v$ can be built 
as $w + h(w_1, w_2)$. This is not the case in the following sections where we consider 
a non-idempotent AC symbol. 



3 Theory of an AC Symbol 

In this section we prove: 

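Theorem 2. The $\exists^*\forall^*$ equational theory modulo an AC symbol is undecidable. 

Let us define: 

$$\varphi_1(t_l, t_r, s_l, s_r) = (s_l = l_1(t_l) \wedge s_r = r_1(t_r)) \vee (s_l = l_2(t_l) \wedge s_r = r_2(t_r)) \vee \ldots \vee (s_l = l_k(t_l) \wedge s_r = r_k(t_r))$$

and 

$$
\begin{aligned}
\varphi_2(x) ={}& \forall w, z \\
& w + z = x \wedge w \text{ is of the form } f(w_1, w_2, w_3, w_4) \Rightarrow \\
& w \text{ is of the form } f(t_l, t_r, t, f(r_l, r_r, r, u)) \text{ or of the form } f(s, s, c, c) \text{ with } s \neq c
\end{aligned}
$$

$\varphi_2(x)$ can be written as a universal formula: 

$$
\begin{aligned}
\forall w, w_1, w_2, w_3, w_4, w_5 \quad & \neg(x = w + f(w_1, w_2, w_3, a(w_4))) \;\wedge \\
& \neg(x = w + f(w_1, w_2, w_3, b(w_4))) \;\wedge \\
& \neg(x = w + f(w_1, w_2, w_3, w_4 + w_5)) \;\wedge \\
& \neg[x = w + f(w_1, w_2, w_3, c) \wedge (w_3 \neq c \vee w_1 \neq w_2 \vee w_1 = c)]
\end{aligned}
$$

Define: 

$$
\begin{aligned}
\varphi_3(x) ={}& \forall y, s_l, s_r, t, r_l, r_r, w, v \\
& f(s_l, s_r, t, f(r_l, r_r, w, v)) + y = x \Rightarrow \\
& \varphi_1(s_l, s_r, r_l, r_r) \wedge w + f(r_l, r_r, w, v) = t
\end{aligned}
$$

and: 

$$\varphi_4(x) = \exists s_1, s_2 \;\; x = s_1 + f(c, c, s_1, s_2)$$

Now, define $\varphi$ as 

$$\varphi_2(x) \wedge \varphi_3(x) \wedge \varphi_4(x)$$

$\varphi$ is clearly an $\exists^*\forall^*$ formula. 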

Lemma 1. If $\Pi$ is solvable then $\varphi$ is valid. 

Proof: 

If $\Pi$ is solvable then there exists a finite sequence $x_0, y_0, x_1, y_1, \ldots, x_l, y_l$ of terms 
such that $x_0 = y_0 = c$ and $\varphi_1(x_i, y_i, x_{i+1}, y_{i+1})$ holds for each $i = 0, 1, \ldots, l - 1$ 
and that $x_l = y_l$. 

Define $t_l = f(x_l, y_l, c, c)$. When $t_j$ is defined for some $j > 0$ as $f(s_1, s_2, s_3, s_4)$ 
define $t_{j-1}$ as 

$$f(x_{j-1}, y_{j-1}, s_3 + f(s_1, s_2, s_3, s_4), f(s_1, s_2, s_3, s_4))$$

Then define $x = t_0 + t_1 + \ldots + t_l + c$. 

Notice that if $t_j$ is $f(s_1, s_2, s_3, s_4)$ for some $j > 0$ then $s_1 = x_j$ and $s_2 = y_j$. If 
$x = w + f(s_1, s_2, s_3, s_4)$ for some $s_1, s_2, s_3, s_4$ then $f(s_1, s_2, s_3, s_4)$ is $t_j$ for some 
$j$ and so we can check directly that $\varphi_2$ and $\varphi_3$ hold for $x$. 

To prove that also $\varphi_4$ holds first notice that $t_0 = f(c, c, s_3, s_4)$ for some 
$s_3$ and $s_4$. Then use induction to show that if $t_j$ is $f(r_1, r_2, r_3, r_4)$ then $r_3 =$ 
So $s_3 = c + t_l + \ldots + t_1$ and $x = t_0 + s_3$. □ 
Lemma 2. If $\varphi$ is valid then $\Pi$ is solvable. 

Suppose $\varphi$ is valid and let $x$ be such term that $\varphi_2(x) \wedge \varphi_3(x) \wedge \varphi_4(x)$ holds. 

Take such $s_1$ and $s_2$ that $x = s_1 + f(c, c, s_1, s_2)$. They exist since $\varphi_4(x)$ holds. 
Define $t_0$ as $f(c, c, s_1, s_2)$. Now, if $t_j$ is defined for some $j$ and $t_j$ is of the form 
$f(z_1, z_2, z_3, f(w_1, w_2, w_3, w_4))$ then define $t_{j+1}$ as $f(w_1, w_2, w_3, w_4)$. 

Lemma 3. For every $i \geq 0$, if $t_i$ is defined as $f(z_1, z_2, z_3, z_4)$ then 

1. Either $t_i + z_3 = x$ or there exists $w$ such that $w + t_i + z_3 = x$. 

2. $z_1 = z_2$ or $t_{i+1}$ is defined. 

3. Suppose $t_{i+1}$ is defined as $f(u_1, u_2, u_3, u_4)$ for some terms $u_1, u_2, u_3, u_4$. Then 
$\varphi_1(z_1, z_2, u_1, u_2)$ holds. 

4. If $t_{i+1}$ is defined as $f(u_1, u_2, u_3, u_4)$ for some terms $u_1, u_2, u_3, u_4$ then $u_1$ is 
larger than $z_1$. 

Proof of LemmaQ 

Notice that for given $i$ claim (ii) follows from (i) (since $\varphi_2(x)$ is valid). Claim 
(iii) follows from (i) and (ii) (since is valid). Claim (iv) follows from (iii). 

If $i$ is 0 then claim (i) follows from $\varphi_4$. 

Suppose that the Lemma holds for some $i - 1$ and that $t_i$ is defined. 

Let $t_{i-1} = f(z_1, z_2, z_3, f(w_1, w_2, w_3, w_4))$. By hypothesis either $t_{i-1} + z_3 = x$ 
or there exists $w$ such that $w + t_{i-1} + z_3 = x$. Since $z_3 = f(w_1, w_2, w_3, w_4) + w_3$ we 
get that either $t_{i-1} + f(w_1, w_2, w_3, w_4) + w_3 = x$ or $w + t_{i-1} + f(w_1, w_2, w_3, w_4) + 
w_3 = x$. □ 

Now, notice that by Lemma | (i) for every defined tt there exists w such 
that w + ti = X. But for given x there are only finitely many such terms v that 
there exists w such that x = v + w. On the other hand, if z yf j and U and 
tj are defined then they are different (this is by Lemma ^(iv)). That implies 
that there exists I such that ti = /(zi , Z2, 23, Z4) is defined but is not. By 
LemmaB(ii) this implies that zi = Z2. Consider the sequence rj, r^, . . .r(, 
of the first and second arguments of tofii, . . .ti respectively. By LemmaH(iii) 
(j)i{rl,r2,r\'^^ ,rl2^^) holds for each i < 1 . Since = c and r\ = this 

sequence is a solution of 7 T. □ 

Theorem ^follows now from LemmaH Lemma J and from undecidability of 
the Post Correspondence Problem. 

4 The Simplest Possible Signature 

Now we are going to show that Theorem^holds also if we restrict the signature 
so that it contains only the binary AC symbol +, a unary function symbol g and 
a constant c. This is the simplest case in which undecidability can be conjectured. 
As noticed in without g (that is if we only have the AC symbol and some 
number of constants in the signature) the theory is decidable for the same reasons 
as Presburger arithmetic is (one can proceed here as in ^^^Q) . 

In the proof of the Theorem we decided to use the Post Correspondence Problem
as the one to which we reduce our problem. This was mainly an esthetic
choice. A Turing machine, for example, could work as well. In this case $f$ in
formula $\phi_1$ should be of arity 5: instead of the two Post words we would encode
the state of the finite control, the tape to the left of the head and the tape to the
right of the head. Technically this choice would not change anything, just the
notations would be a little bit more complicated. Another possible choice could
be a machine with two counters.

The first trouble that we have in this section with the Post Correspondence
Problem is that if we want to encode it as in formula $\phi_1$ then we need two
different monadic function symbols $a$ and $b$: PCP for words over an alphabet
containing only one symbol is decidable. To get around this difficulty we will
encode words in $\{a, b\}^*$ as numbers:

Definition 1. For a given word $w \in \{a, b\}^*$ let $c(w)$ (or code of $w$) be the
natural number (in decimal notation) obtained by replacing all the symbols $a$ of
$w$ by 1, and all the symbols $b$ of $w$ by 2.

The following obvious lemma states the property of the encoding $c$ which
will be useful in our construction:

Lemma 4. If $w, l$ are words over $\{a, b\}$ then $c(wl) = c(l) + 10^{|l|} c(w)$.

Define $\psi_1^i(x, y, z, t)$ as the formula:

$z = x + x + \ldots + x + c(l_i) \;\wedge\; t = y + y + \ldots + y + c(r_i)$

where x is added times and y is added times.

Now we are ready to write the formula $\psi_1$, which is a counterpart of the
formula $\phi_1$ from the previous section:

$\psi_1(x, y, z, t) = \psi_1^1(x, y, z, t) \vee \psi_1^2(x, y, z, t) \vee \ldots \vee \psi_1^k(x, y, z, t)$
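Added illustration (not code from the paper): the sketch below implements the code $c$ of Definition 1 and the step relation that the formula above expresses for one pair $(l_i, r_i)$, then uses it in a bounded search for a PCP solution that starts with the first pair, the restriction used later in this section. It assumes, following Lemma 4, that $x$ is added $10^{|l_i|}$ times and $y$ is added $10^{|r_i|}$ times; the sample instance, the bound `max_len` and all function names are constructed for this example.

```python
from collections import deque

DIGIT = {"a": "1", "b": "2"}

# Constructed sample instance (not from the paper); pairs are (l_i, r_i).
TILES = [("bba", "bb"), ("ab", "aa"), ("a", "baa")]


def code(word):
    """c(w) of Definition 1: a -> 1, b -> 2, read in decimal."""
    if not word:
        return 0  # c(empty word) = 0, the case the text has to work around
    return int("".join(DIGIT[ch] for ch in word))  # KeyError outside {a, b}


def step(x, y, tile):
    """Append the pair (l_i, r_i) to the words coded by x and y.

    Assumption: x is added 10^|l_i| times and y 10^|r_i| times, so by
    Lemma 4 the results are the codes of the extended words.
    """
    l, r = tile
    return 10 ** len(l) * x + code(l), 10 ** len(r) * y + code(r)


def compatible(x, y):
    """True if one coded word is a prefix of the other (no digit is 0)."""
    sx, sy = str(x), str(y)
    return sx.startswith(sy) or sy.startswith(sx)


def solve(tiles, max_len):
    """Breadth-first search for indices i_1 = 1, i_2, ..., i_m (m <= max_len)
    whose two concatenations have the same code.

    Returns (indices, common code) or None if no solution fits the bound.
    """
    if any(not l or not r for l, r in tiles):
        raise ValueError("empty words are excluded: their code would be 0")
    x, y = step(0, 0, tiles[0])
    queue = deque([(x, y, [1])])
    while queue:
        x, y, seq = queue.popleft()
        if x == y:
            return seq, x
        if len(seq) == max_len or not compatible(x, y):
            continue  # bound reached, or the two words already disagree
        for i, tile in enumerate(tiles, start=1):
            z, t = step(x, y, tile)
            queue.append((z, t, seq + [i]))
    return None


if __name__ == "__main__":
    print(solve(TILES, 6))
```

Because the digits 1 and 2 never produce a leading or inner 0, two codes are equal exactly when the coded words are equal, which is why the search can work on numbers alone.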

In order to write the formula $\psi_2$, the counterpart of $\phi_2$, we need a trick to
get rid of the arity 4 function symbol. We can use $+$ instead: thanks to
associativity it has any arity we need. The problem is that, due to commutativity,
we then forget the order of the arguments. Informally:

$\psi_2(x) =$

$\forall w, z$

$w + z = x \wedge w$ is of the form $g(u)$ $\Rightarrow$

$u$ is of the form $gggg(u_1) + ggg(u_2) + gg(u_3) + g(u_4)$

where

none of $u_1, u_2, u_3, u_4$ has $g$ in the root, and

either $u_4$ is of the form $gggg(v_1) + ggg(v_2) + gg(v_3) + g(v_4)$

or $u_4 = u_3 = c$ and $u_1 = u_2 \neq c$

Like $\phi_2$, also $\psi_2$ can be written as a universal formula, but one must really
be patient here:

Vw, 2, UI, U 2 , U 3 , U4, U5, I"!, ^2, ^3, ^’4, t’S, Vq 

(1) ~^{g{c + ui) + z = x)A 

( 2 ) ^{g{g{ui)) + z = x)A 

( 3 ) ^{g{g{ui) + g{u2)) + z = x)A 

(4) ^{g{g{ui) + g{u2) + gius)) + z = x)A 

(5) -^{g{ui + U2 + U3 + ua + U3) + z = x)A 

(6) ^{g{ggggg{ui) + U 2 ) + z = x)A 

( 7 ) ^(5(5555(^1) + 5555(^2) + U3) + z = x)A 

(8) ^(5(555(^1) + 555(^2) + ggg{u3) + u4) + z = x)a 

(9) ^{g{gg{ui) + gg{u2) + gg{u3) + gg{u4) + z = x)A 

( 10 ) ^llg(g(ui) + g(u2) + U 3 ) + z = x]A 

[ui = Wi + W2 V Ui = c] A [U2 = f 1 + W2 V U2 = c]]A 

( 11 ) ^[[g{gg{ui) + 55(^2) + U3)+z = a;]A 

[ui = + W2 V Ui = c] A [U2 = f 1 + W2 V U2 = c]]A 

(12) ^[[5(555(^1) + ggg{u2) + U3) + z = a;]A 

[ui = + W2 V Ui = c] A [U2 = f 1 + W2 V U2 = c]]A 

( 13 ) ^[g{g{ui) + gg{u2) + ggg{u3) + gggg{c)) + z = a; A (ui yf U2 V U3 yf c)]A 

( 14 ) ^{g{g{ui) + gg{u2) + ggg{u3) + gggg{c + v{) + z = a;)A 

( 15 ) ^{g{g(ui) + gg(u2) + ggg{u3) + gggg{giyi)) + z = x)A 

( 16 ) ^{g{g(ui) + gg(u2) + ggg(u3) + gggg{giyi) + g{v2)) + z = x)A 

( 17 ) -^{g{g{ui) + gg(u2) + 555(^3) + gggg{giyi) + g(v2) + g{v3))) + z = x)A 

(18) -^{g{g{ui) + gg{u 2 ) + ggg{u 3 )+ 

+5555(5(1’!) + g{v2) + g{v 3 ) + g{v 4 ) + gM)) + z = x)a 

( 19 ) ^(5(5(111) + 55(112) + 555(113) + 5555(55555(1’! ) + i’2)) + z = a;)A 

( 20 ) ^(5(5(11!) +55(112) +555(113) +5555(5555(1’! )+ 5555 (i’ 2 ) + i’ 3 )) + 2 = x)A 

( 21 ) ^(5(5(11!) + 55(112) + 555(113)+ 

+5555(555(1’! ) + 555(i’2) + 555(i’3) + W4)) + z = a;)A 

( 22 ) ^(5(5(11!) + 55(112) + 555(113)+ 

+5555(55(1’! ) + 55 (i’ 2) + 55 (i’ 3) + 55(i’4))) + z = x)A 

( 23 ) ^[[g{g{ui) + 55(^2) + 555(113) + ggggigM + g{v2) + ^3)) +z = x]A 

[w! = W5 + W6 V Ui = c] A [V2 = V3 + VqV V2 = c]]A 

( 24 ) -^[[g{g{ui) + 55(^2) + 555(113) + gggg{gg{vi) + gg{v2) + ^3)) + z = xjA 

[w! = Us + V ui = c] A [v2 = f 5 + I’e V W2 = c]]A 

( 25 ) ^[[5(5(11!) + 55(112) + 555(113)+ 

+5555(555(1’! ) + 555 (i’ 2 ) + f 3 )) + 2 = a;]A 

[w! = W5 + W6 V = c] A [W2 = f 5 + We V W2 = c]] 

The first line of the formula says that if $g(u) + z = x$ then $u$ does not have $c$
as a summand. The lines from (2) to (4) say that such $u$ is a sum of at least 4
summands. The fifth line says that $u$ is not a sum of 5 summands or more. So
here we already know that there are exactly 4 summands in such $u$, and all of
them have $g$ in the root. The sixth line says that no summand in $u$ is of the form
$ggggg(v)$. At this point we know that $u$ is a sum of four summands, each of them
of one of the forms $g(v)$, $gg(v)$, $ggg(v)$ or $gggg(v)$, where $v$ does not start with
$g$. Since the formula is universal we cannot say now that for each of the four forms
there is a summand in $u$ which has this form. Instead we say, in lines (7)-(12),
that there is at most one summand of each of those forms. To be more precise, in
line (7) we say that there is at most one summand of the form $gggg(v)$, where $v$ is
any term. In line (8) we say that there are at most two summands of the form $ggg(v)$,
where $v$ is any term (we know that one of them has also the form $gggg(v)$) and
in line (9) we say that there are at most three summands of the form $gg(v)$, where $v$
is any term. But still we must exclude the possibility that there is more than
one summand of each of the forms $g(v)$, $gg(v)$ and $ggg(v)$. This is done in the
lines (10)-(12).

At this point only $u_4$ from the informal definition of $\psi_2$ needs to be described.
Line (13) says that if $u_4$ is $c$ then also $u_3$ is $c$ and $u_1$ and $u_2$ are equal. In the
lines (14)-(19) we repeat the trick from lines (1)-(6) to ensure that $u_4$ is a sum of
four summands, each of them of the form $g(v)$, $gg(v)$, $ggg(v)$ or $gggg(v)$, where $v$
does not start with $g$. Then, in the lines (20)-(22) we repeat the trick from lines
(7)-(9) to ensure that $u_4$ is of the form $g(v_1) + gg(v_2) + ggg(v_3) + gggg(v_4)$, where
none of the $v_1, \ldots, v_4$ begins with $g$. Finally, in the lines (23)-(25) we repeat, for
$u_4$, the trick from lines (10)-(12).

Now we are ready to write $\psi_3$, the counterpart of $\phi_3$:

$\psi_3(x) =$

$\forall w, v, w_1, w_2, w_3, v_1, v_2, v_3, v_4$

$x = w + g(g(w_1) + gg(w_2) + ggg(w_3) + gggg(g(v_1) + gg(v_2) + ggg(v_3) + gggg(v_4)))$

$\Rightarrow$

$\psi_1(w_1, w_2, v_1, v_2) \wedge w_3 = v_3 + g(g(v_1) + gg(v_2) + ggg(v_3) + gggg(v_4))$

And $\psi_4$, the counterpart of $\phi_4$:

$\psi_4(x) =$

$\exists s_1, s_2 \;\; x = s_1 + g(g(c(l_1)) + gg(c(r_1)) + ggg(s_1) + gggg(s_2))$

Notice that we could not postulate the existence "in $x$" of a term with the
codes $c(\varepsilon)$ in the two first positions (as it was done in $\phi_4$). This is because $c(\varepsilon)$ is
zero, and we only know how to count positive natural numbers. That is why
we use a slightly different version of the Post Correspondence Problem. The following
Lemma is an obvious consequence of the undecidability of the standard version
of the Post Correspondence Problem:

Lemma 5. The existence of a solution

$l_{i_1} l_{i_2} \cdots l_{i_m} = r_{i_1} r_{i_2} \cdots r_{i_m}$

of an instance $\Pi$ of the Post Correspondence Problem remains undecidable
even if we require that $i_1 = 1$.

Finally, we write formula $\psi$. It is not very hard to guess that $\psi$ is:

$\exists x \; \psi_2(x) \wedge \psi_3(x) \wedge \psi_4(x)$

Clearly, $\psi$ is a $\exists^*\forall^*$ formula.

Now undecidability of the $\exists^*\forall^*$ part of the theory over the signature with
only a single monadic function symbol and a single constant follows from:

Lemma 6. $\psi$ is valid if and only if $\Pi$ is solvable.

To prove the lemma one can simply repeat the proofs of LemmasHc^nd^ 
with the obvious notational changes. 

5 Infinite Terms 

In this section we assume that the quantification ranges over (possibly) infinite 
terms. It turns out that, with only some minor modifications, we can repeat also 
for this case the result and method of Section^ 

Let us start with the remark that one can imagine two different definitions of
what equality modulo an AC symbol means. The first possibility is that we consider
two infinite terms equal only if their equality can be proved in a finite number of
AC-steps. The second possibility is that we allow an infinite number of AC-steps. The
proof below works in both cases.

The main difference between the situation in this section and the one in 
Section ^is that we cannot write here: There exists x such that the initial con- 
figuration is in X, and together with a nonterminal configuration y the set x 
contains one of the configurations reachable from y in one step . If we allow 
infinite terms then x as required by the formula exists even if the process does 
not terminate. Instead the formula should be: There exists x such that the ini- 
tial configuration is in x,such that together with every configuration y the set x 
contains all the configurations reachable from y in one step and such that no 
terminal configuration is in x. 

To write this formula one can for example consider the signature with the
function symbol $f$ of arity $k + 3$, where $k$ is the number of pairs in the PCP.
The formula $\theta_1$ will be:

$\theta_1(w, v, w_1, v_1, w_2, v_2, \ldots, w_k, v_k) =$

$w_1 = l_1(w) \wedge v_1 = r_1(v) \wedge w_2 = l_2(w) \wedge v_2 = r_2(v) \wedge \ldots \wedge w_k = l_k(w) \wedge v_k = r_k(v)$

We are going to give only an informal description of 02 • The reader who 
understood Section Q and B can easily imagine how to write it formally as a 
universal formula. 



$\theta_2(x) =$

$\forall w, u$

$w + u = x \wedge w$ is of the form $f(y_l, y_r, y, y_1, y_2, \ldots, y_k)$ $\Rightarrow$

($y_l \neq y_r$ or $y_l = y_r = c$) and each of $y_1, y_2, \ldots, y_k$ is of the form $f(v_l, v_r, v, v_1, v_2, \ldots, v_k)$



9s{x) = 



Vw,y/,y^,y, v] . . .vl,vf ■■■vl- . .vf,v'^,v’^,v’[,v^, . 

x = w + f{yi,yr,y, 

f{vj,vl,v\vl,v^, . ..vl), 

f{vl,v^,,v^vtvl...vD) 



[y = f{vl,vl,v^,v\,vl, . ..vl) + v^ + 

+f{vf,v1,v‘^,vl,vj, . ..vl) + ■ 



/( 



•^1 5 ^2 5 ■ 

vf , v^, V" , v'A V. 



1 j C2 , . 



D + v'^A 



Oi{yi,yr,vl,vl,vf,vl, . ..vf,v^)] 



$\theta_4(x) =$

$\exists s, s_1, s_2, \ldots, s_k \;\; x = s + f(c, c, s, s_1, s_2, \ldots, s_k)$

and:

$\theta = \exists x \; \theta_2(x) \wedge \theta_3(x) \wedge \theta_4(x)$

Now, $\theta$ is false if and only if $\Pi$ is solvable.

Abstract. We consider quantifier free formulae of a first order theory
without functions and with predicates "x rewrites to y in one step" with
given rewrite systems. Variables are interpreted in the set of finite trees.
The full theory is undecidable and recent results
have strengthened the undecidability result to formulae with
small prefixes ($\exists^*\forall^*$) and very restricted classes of rewriting systems
(e.g. linear, shallow and convergent in ). Decidability of the
positive existential fragment has been shown in

We give a decision procedure for positive and negative existential formulae
in the case when the rewrite systems are quasi-shallow, that is, all
variables in the rewrite rules occur at depth one.

Our result extends to formulae with equalities and membership relations
of the form $x \in L$ where $L$ is a recognizable set of terms.



Introduction 



The theory of one-step rewriting for a given rewrite system $R$ and signature
$\mathcal{F}$ is the first-order theory of the following structure: its universe consists of
all $\mathcal{F}$-ground terms, and its only predicate is the relation "x rewrites to y in
one step by R". The structure contains no function symbols and no equality.
In it has been shown undecidable. This result has been refined in many
recent papers. Even in the case of very short fragments and
systems with strong restrictions, the undecidability result holds. For instance,
the $\exists^*\forall^*$-fragment for the class of linear shallow and convergent rewrite systems
in is undecidable.

Decidability of the existential fragment is an open problem but the positive
existential fragment has been shown to be decidable by Niehren et al in
The elegant solution presented in uses a deep result of Schmidt-Schauss
on second order unification: a positive existential formula of the theory
of one-step rewriting is solution-equivalent to a stratified second order unification
problem. In Jacquemard gives a translation for any formula of the
positive existential fragment of one-step rewriting into a formula of a decidable
extension of the weak monadic theory of two successors. In this latter result,
restrictions on the rewrite system are necessary: in every rule, the lengths of the positions
of all occurrences of the same variable must be equal.

The results of Niehren et al are also a first step towards the study of connections
between context unification and one step rewriting. Context unification
is unification of first-order terms with context variables
that range over terms with one hole, and its decision is an open problem (RTA
List of Open Problems). Solving a rewriting constraint consists in finding
a context under which the rewrite relation applies. A rewriting constraint
$x \to y$ is simply expressed by a context unification constraint saying that
there exists a common context $C$ and two variables $z_l$ and $z_r$ such that $z_l$ and
$z_r$ respectively match the left hand side and the right hand side of the rule rul
and $x = C[z_l]$ and $y = C[z_r]$.

Recent developments have shown that a weak extension of one step
rewriting that allows one to express relative orders for rewritings is sufficient to
encode any stratified context unification problem. Surprisingly, the positive
fragment of one step rewriting is a difficult problem, and our result is also interesting
for context unification because it addresses problems with negation.

Our result concerns relations "x rewrites to y in one step by r" ($x \to^r y$)
where $r$ is a rule of a finite quasi-shallow rewrite system. Here, quasi-shallow
means that variables in both the left-hand side and the right-hand side of rules occur
at depth exactly one. Contrary to shallow rewrite systems, finite closed terms of
unbounded height are allowed in quasi-shallow rules but collapsing rules of the
form $f(x_1, \ldots, x_n) \to x$ are not allowed.

In this paper we give a decision procedure based on inference rules to solve
existential formulae with equality and all boolean operators for quasi-shallow
rewrite systems. Let us sketch our method.

The solved forms we want to obtain are formulae without any rewriting constraints.
So, the aim of the algorithm, described by a set of inference rules
and a control, is to eliminate them. Given a formula with $n$ variables, the
algorithm tries to find $n$ terms satisfying the formula in the following way. At
each step, it first guesses a root symbol for each variable, that is, a substitution
of the form $x = f(x_1, \ldots, x_p)$ is applied to each variable. Thus new variables
$x_1, \ldots, x_p$ are added to the problem. Second, the algorithm tries to satisfy each
rewrite relation $f(x_1, \ldots, x_p) \to^r g(y_1, \ldots, y_m)$ either at the root position or
below. Both cases involve adding to the problem equalities, differences or
rewrite relations between the new variables. In the case of a non rewrite relation
$f(x_1, \ldots, x_p) \not\to^r g(y_1, \ldots, y_m)$, a dual treatment is performed: the algorithm
tries to contradict the rule $r$ instead of satisfying it.

Let us consider the following example.

$P_0 = x \to^r y \wedge y \not\to^r x \wedge x \neq y$

with the rewrite rule $r = f(\alpha, \beta) \to f(a, \alpha)$. First, guess root symbols for $x$ and
$y$. For instance $x = f(x_1, x_2)$ and $y = f(y_1, y_2)$. We obtain

$P_1 = f(x_1, x_2) \to^r f(y_1, y_2) \wedge f(y_1, y_2) \not\to^r f(x_1, x_2)$,

where $x_i$ and $y_i$ are fresh variables. For the positive part of $P_1$, either the rewriting
applies at the root position, and therefore we delete a rewriting constraint
and add $x_1 = y_2 \wedge y_1 = a$, or not and we propagate the constraint through one of the
components: e.g. we transform $f(x_1, x_2) \to^r f(y_1, y_2)$ into $x_1 \to^r y_1 \wedge x_2 = y_2$.
For the negative part of $P_1$, we must check that the rewriting does not apply at
the root position, i.e. $x_1 \neq a$ or $y_1 \neq x_2$, and furthermore we must also check
that it does not apply below. Since we have $x \neq y$ in $P_0$, we can distinguish
three cases and nondeterministically add one of the three constraints:

$y_1 \not\to^r x_1 \wedge y_2 = x_2$ $\qquad$ $y_2 \not\to^r x_2 \wedge y_1 = x_1$ $\qquad$ $y_1 \neq x_1 \wedge y_2 \neq x_2$

After that, we obtain a new problem and the number of rewrite constraints
has not increased. To ensure termination, we prove that the part of the problem
that is not concerned with any rewriting can be solved independently (because of
the shallowness of rewrite systems). So, the number of different problems, when
restricted to variables involved in rewriting constraints, is bounded and this is
sufficient to obtain termination.

On the contrary, when $x = y$ in $P_0$, we obtain a constraint $f(x_1, x_2) \not\to^r
f(x_1, x_2)$, and must say that $x_1 \not\to^r x_1$ AND $x_2 \not\to^r x_2$. Therefore, the number
of rewritings increases. But an important property of quasi-shallow rewrite
systems is that the sets of solutions of constraints of the form $x \not\to^r x$ are REC$_{\neq}$-languages,
i.e. languages recognizable by tree automata with constraints between
brothers. The decision procedure we propose also deals with membership
constraints of the form $x \in L$ where $L$ is some given REC$_{\neq}$-language. Hence,
we are able to transform any constraint $x \not\to^r x$ into a membership constraint
and thus we avoid increasing the number of rewritings in the transformation
steps.

A precompilation of the problem given in input allows us to build a unique
REC$_{\neq}$-automaton to control any membership constraint that may be generated
during the execution of our algorithm. Managing membership constraints also
increases the expressive power of the language considered and leads to simpler
proofs and constructions (e.g. to take care of ground terms).

The expressivity of the fragment addressed here is relatively poor regarding
classical properties useful in term rewriting theory. For instance, formulae can
express confluence only for a bounded number of steps (due to the restriction
"one-step") and for quasi-shallow rewrite systems. Nevertheless, undecidability
results and connections to context unification show that solving one step rewriting
formulae is difficult but interesting in its own right.

Shallowness of rewrite systems is very important to get this decidability
result. Even if some technical difficulties are now hidden in the use of REC$_{\neq}$-automata,
the result seems not surprising, and difficult to extend, even in the
positive case, to non quasi-shallow rewrite systems. But we hope, with the help
of "good strategies" for the application of our set of inference rules, that our
methods could be adapted for non shallow rewrite systems. It seems that this
difficulty arises as soon as collapsing rules are allowed.

Full paper is available on jww.eraDDa.univ-iiiie.j.tr/ tommas:

1 Preliminaries

Terms and Term Rewriting Systems Let $\mathcal{F}$ be a finite ranked alphabet,
let $\mathcal{X}$ be a set of variables. Let $\mathcal{F}_n$ be the set of $n$-ary symbols in $\mathcal{F}$. The set
$T(\mathcal{F}, \mathcal{X})$ denotes the set of terms and $T(\mathcal{F})$ denotes the set of ground terms.

We denote by $\vec{x}_n$ a sequence of $n$ variables $x_1, \ldots, x_n$ and by $\vec{a}_n$ a sequence of $n$
terms $a_1, \ldots, a_n$ such that each $a_i$ is either a variable or a ground term. We
write $\vec{x}_n \cap \vec{y}_{n'} = \emptyset$ if $\{x_1, \ldots, x_n\} \cap \{y_1, \ldots, y_{n'}\} = \emptyset$. For the sake of brevity, we
drop the index $n$ of $\vec{x}_n$ and $\vec{a}_n$ when $n$ is clear from the context.

A rewrite system $\mathcal{R}$ is quasi-shallow if for each rule $l \to r$, the left-hand side
$l$ and the right-hand side $r$ are of the form $f(\vec{a}_n)$ where $n$ is positive or null. In
other words, variables occur exactly at depth one. Let us note that $l$ or $r$ may
be a constant.

We write $t \to_{\mathcal{R}} t'$ if term $t$ rewrites to $t'$ with the system $\mathcal{R}$. In this paper,
we fix a rewrite system and we drop $\mathcal{R}$ in the index of the rewrite relation. We
also write $t \to^r t'$ (respectively t t') when $t$ rewrites to $t'$ with the rule $r$
(respectively at the root position of $t$ and $t'$).



Tree Automata with Comparisons between Brother Terms Tree automata
with comparisons between brothers (REC$_{\neq}$-automata) have been introduced
by Bogaert and Tison. They strictly increase the expressive power
of finite tree automata. Rules of REC$_{\neq}$-automata can test with constraint
expressions equalities or differences between brother terms.

A constraint expression is a boolean combination of equations $x_i = x_j$ (so
that inequations $x_i \neq x_j$ are allowed) or the sign $\top$ (null constraint), where $x_i$ and
$x_j$ are variables. The set of constraint expressions will be denoted by $CE$ and
$CE_n$ is the set of constraint expressions over at most $n$ variables.

A tuple of terms $t_1, \ldots, t_n$ satisfies a constraint expression $c$ if and only if $c$
holds when every variable $x_i$ is substituted by the corresponding term $t_i$ in the
sequence.

Definition 1. An automaton $\mathcal{A}$ with comparisons between brothers, briefly REC$_{\neq}$-automaton,
is a tuple $(\mathcal{F}, S, S_f, \Delta)$, where $S$ is a finite set of states, $S_f \subseteq S$ is
a set of final states and $\Delta \subseteq \bigcup_n \mathcal{F}_n \times CE_n \times S^{n+1}$ is a set of rules (a rule
$(f, c, s_1, \ldots, s_n, s)$ will be denoted $f(s_1, \ldots, s_n)[c] \to s$).

Let $f \in \mathcal{F}_n$ and $t_1, \ldots, t_n$ be terms of $T(\mathcal{F})$. The relation $\to_{\mathcal{A}}$ is defined as
follows:

$f(t_1, \ldots, t_n) \to_{\mathcal{A}} s$ if and only if there exists $f(s_1, \ldots, s_n)[c] \to s \in \Delta$ such that
$\forall i,\ t_i \to_{\mathcal{A}} s_i$ and $t_1, \ldots, t_n$ satisfy the constraint $c$.

Let $s$ be a state of $S$. We denote by $L_{\mathcal{A}}(s)$ the set of terms $t$ such that $t \to_{\mathcal{A}} s$.
A tree $t \in T(\mathcal{F})$ is said to be accepted by $\mathcal{A}$ if there exists a final state $s_f$ such
that $t \in L_{\mathcal{A}}(s_f)$. The language $L(\mathcal{A})$ recognized by $\mathcal{A}$ is the set of accepted
terms.

Clearly, regular tree languages are REC$_{\neq}$-recognizable. The class REC$_{\neq}$ of
sets of tree languages recognized by the class of REC$_{\neq}$-automata is closed under all
boolean operations (intersection, union and complement). Moreover, the emptiness
problem (is a language in REC$_{\neq}$ empty?) and the finiteness problem
(is a language in REC$_{\neq}$ finite?) are decidable. All proofs for these properties
are constructive. By construction, the proof of finiteness allows us to enumerate
members of a finite REC$_{\neq}$ tree language. Therefore, one can compute the cardinality
of such a language. The reader is referred to and for
more details on tree automata with equality tests.



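Example 1. The set of well-balanced trees over $\{a, f\}$ is recognized by $\mathcal{A} =
(\{a, f\}, \{s_p, s_f\}, \{s_f\}, \Delta)$ with $\Delta$:

$a \to s_f$, $\quad f(s_f, s_f)[x_1 = x_2] \to s_f$,

$f(s_f, s_f)[x_1 \neq x_2] \to s_p$, $\quad f(s_p, s_f)[\top] \to s_p$,

$f(s_f, s_p)[\top] \to s_p$, $\quad f(s_p, s_p)[\top] \to s_p$.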
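A bottom-up run of the automaton of Example 1, as an added sketch that is not code from the paper: the term representation (the string `a`, tuples `("f", left, right)`), the state names `sf` and `sp` and all function names are choices made for this example. It also checks, on every term of height at most 3, that exactly one state is reached and that the accepted terms are exactly the complete binary trees.

```python
from itertools import product


def eq(kids):       # constraint [x1 = x2]: the two brothers are the same term
    return kids[0] == kids[1]


def neq(kids):      # constraint [x1 != x2]
    return kids[0] != kids[1]


def top(kids):      # null constraint
    return True


# Rules of Example 1: (symbol, states of the brothers, constraint, target).
RULES = [
    ("a", (), top, "sf"),
    ("f", ("sf", "sf"), eq, "sf"),
    ("f", ("sf", "sf"), neq, "sp"),
    ("f", ("sp", "sf"), top, "sp"),
    ("f", ("sf", "sp"), top, "sp"),
    ("f", ("sp", "sp"), top, "sp"),
]
FINAL = {"sf"}


def states(term, rules=RULES):
    """Set of states s such that term reaches s (bottom-up evaluation)."""
    symbol, kids = (term, ()) if isinstance(term, str) else (term[0], term[1:])
    kid_states = [states(kid, rules) for kid in kids]
    reached = set()
    for sym, src, constraint, dst in rules:
        if sym != symbol or len(src) != len(kids):
            continue
        # Every brother must reach the required state AND the brothers,
        # compared as whole terms, must satisfy the constraint of the rule.
        if all(s in ks for s, ks in zip(src, kid_states)) and constraint(kids):
            reached.add(dst)
    return reached


def accepts(term):
    return bool(states(term) & FINAL)


def balanced(height):
    """The complete binary tree of the given height."""
    term = "a"
    for _ in range(height):
        term = ("f", term, term)
    return term


def balanced_height(term):
    """Reference check without automata: height if complete, else None."""
    if term == "a":
        return 0
    left, right = balanced_height(term[1]), balanced_height(term[2])
    if left is None or left != right:
        return None
    return left + 1


def terms_up_to(height):
    """All ground terms over {a, f} of height at most `height`."""
    terms = ["a"]
    for _ in range(height):
        terms = ["a"] + [("f", l, r) for l, r in product(terms, repeat=2)]
    return terms


if __name__ == "__main__":
    for t in terms_up_to(2):
        print(t, states(t), accepts(t))
```

The equality test between brothers is what lets two states suffice here; the rules compare the subterms themselves, not only the states they reach.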



One-Step Rewriting Logic Let $\mathcal{R}$ be a quasi-shallow rewrite system and $\mathcal{L}$
be a set $\{L_1, \ldots, L_q\}$ of REC$_{\neq}$-languages. We focus on the satisfiability problem
of the existential fragment of the theory $T_{\mathcal{R},\mathcal{L}}$ whose underlying language is
defined as follows. (In $T_{\mathcal{R},\mathcal{L}}$ rewrite systems and REC$_{\neq}$-languages are given as
parameters.)

Atomic formulae consist of equalities, memberships, or rewrite relations $\to$
between variables. Closure under boolean operators of atomic formulae defines
formulae of the language.

$at ::= x \to y \mid x = y \mid x \in L_i$
$\phi ::= \phi_1 \wedge \phi_2 \mid \phi_1 \vee \phi_2 \mid \neg\phi \mid at$

We interpret variables in the set of ground terms over the ranked alphabet
$\mathcal{F}$. If $\sigma$ is an interpretation, then $x = y$ holds if and only if $x\sigma = y\sigma$, $x \in L_i$ holds
if and only if $x\sigma$ belongs to $L_i$ and $x \to y$ holds if and only if $x\sigma$ rewrites to $y\sigma$
in one step with the rewrite system $\mathcal{R}$. A solution $\sigma$ of $\phi$ is an interpretation of
the variables that satisfies $\phi$.

Theorem 1. Let $\mathcal{R}$ be a rewrite system and $\{L_1, \ldots, L_q\}$ be REC$_{\neq}$-languages.
The existential fragment of the theory $T_{\mathcal{R},\mathcal{L}}$ of one-step rewriting with membership
constraints and equality is decidable.

We present an algorithm and sketch the proof in Section H The complete 
proof appears in 

For the sake of clarity, we consider formulae using the predicate $\to^r$, i.e.
rewrites with the rule $r$, rather than $\to$. The latter presentation is more convenient
for the exposition of our algorithm and is equivalent to the former
w.r.t. the decision problem we are interested in, since $x \to y$ if and only if

Finally if formulae are written in a disjunctive normal form, $\phi = \bigvee_{i \in I} \phi_i$,
then $\phi$ is satisfiable if and only if at least one of the $\phi_i$ is satisfiable. So we will
consider formulae without disjunction in the rest of this paper.

We use letters $P$, $Q$, $P'$, $Q'$ to denote formulae without disjunction, also
called problems, in this latter syntax.

The set of the variables occurring in $P$ is denoted by $Var(P)$. For convenience,
we sometimes consider a problem $P$ as a set of atomic formulas (instead
of a conjunction). For instance, we denote by $Card(P)$ the number of (different)
atomic formulas of $P$; or we will say that $P \subseteq Q$ if there exists $P'$ such that $Q$
is syntactically equal to $P \wedge P'$.

Non-rewrite Relations and REC$_{\neq}$-Automata The decision procedure must
deal with expressions of the form $x \not\to^r x$ and we show in this section that we can
get rid of them using tree automata. We will replace rewrite constraints $x \not\to^r x$
by membership constraints. Membership constraints will also be useful for the
treatment of ground parts of rewrite rules.

This transformation of rewrite constraints $x \not\to^r x$ into membership constraints
leads to the definition of new REC$_{\neq}$-languages from $T_{\mathcal{R},\mathcal{L}}$'s definition
viewpoint.

Let us recall we are given a set of rewrite rules $\mathcal{R}$ and a set of REC$_{\neq}$-languages
$L_1, \ldots, L_q$. Rewrite rules may be built with ground terms like $g(a)$ for instance
in the rule $f(g(a), x) \to f(x, x)$. We denote by $L_{q+1}, \ldots, L_{q'}$ singleton sets containing
a ground term occurring in the set of rules $\mathcal{R}$.

We also consider languages $L_r$ that are defined by $\{t \in T(\mathcal{F}) \mid t \not\to^r t\}$
and we will prove that languages $L_r$ are REC$_{\neq}$-recognizable. Languages $L_r$ are
also numbered in the following way $L_{q'+1}, \ldots, L_n$ so that every REC$_{\neq}$-language
considered here belongs to the set $\{L_1, \ldots, L_n\}$.

For the rest of this paper, languages $\{L_1, \ldots, L_n\}$ are now fixed.

In order to prove that languages $\{t \in T(\mathcal{F}) \mid t \not\to^r t\}$ are REC$_{\neq}$-recognizable,
we first show that tree languages defined by $\{t \in T(\mathcal{F}) \mid t \to^r t\}$ are REC$_{\neq}$-recognizable.
Then we use closure properties of automata to get the result.

Proposition 1. Given a quasi-shallow rewrite system $\mathcal{R}$, languages $\{t \in T(\mathcal{F}) \mid
t \to^r t\}$ where $r \in \mathcal{R}$ are REC$_{\neq}$-recognizable.

Proof. Basically, the set $\{t \in T(\mathcal{F}) \mid t \to^r t\}$ is also defined by the set of terms
that encompass the most general unifier of $r$'s left-hand side and right-hand side.
Because rules of the rewrite system are quasi-shallow, the most general unifier is
also quasi-shallow. Hence, such a construction can be done with (complete and
deterministic) automata with equality tests between brothers. For instance, let
us consider a rule $f(x, y, y, z) \to f(g(a), y, z, y)$. The set $\{t \in T(\mathcal{F}) \mid t \to^r t\}$ is
the set of terms that encompass $f(g(a), x, x, x)$. Hence, one can use closure under
complementation and determinization to build a deterministic REC$_{\neq}$-automaton
for each language $L_r = \{t \in T(\mathcal{F}) \mid t \not\to^r t\}$ associated with a rewrite rule $r$. □

Product automaton In a natural way, conjunctions of non-rewrite relations
$x \not\to^r x \wedge x \not\to^{r'} x$ must be transformed into membership constraints $x \in L_r \cap L_{r'}$.
It will be convenient to consider a unique automaton to handle all possible
conjunctions. A classical construction of a product automaton is suited to do
that.

We just introduce the construction in these preliminaries and point out
the properties of product automata. Let us consider complete and deterministic
REC$_{\neq}$-automata $\mathcal{A}_1, \ldots, \mathcal{A}_n$ which respectively recognize languages $L_1, \ldots, L_n$.
Each automaton is given by a tuple $(\mathcal{F}, S_i, S_{f_i}, \Delta_i)$ and we suppose that the sets of
states are pairwise disjoint. The product automaton $\mathcal{A}$ is defined by $(\mathcal{F}, S, S, \Delta)$
where $S = S_1 \times S_2 \times \cdots \times S_n$ and $\Delta$ is the set of rules of the form:

where $c$ is an $n$-tuple of constraint expressions $(c_1, \ldots, c_n)$, every $s$ is an $n$-tuple
$s = (s_1, \ldots, s_n)$ and $f(s^1_i, \ldots, s^m_i)[c_i] \to s_i \in \Delta_i$.

Note that the product automaton is complete and deterministic since each
automaton $\mathcal{A}_i$ is.

The set of final states is useless for our study and we are only interested in
the sets of terms $L_{\mathcal{A}}(s) = \{t \in T(\mathcal{F}) \mid t \to_{\mathcal{A}} s\}$. Clearly if $s = (s_1, \ldots, s_n)$ and
$s_i$ is final for the automaton $\mathcal{A}_i$, then any term $t$ such that $t \to_{\mathcal{A}} s$ belongs to
$L_i$, and thus $L_{\mathcal{A}}(s) \subseteq L_i$. Because the product automaton built here is complete
and deterministic, the opposite property also holds. If $s = (s_1, \ldots, s_n)$ and $s_i$
is not final for the automaton $\mathcal{A}_i$, then any term $t$ such that $t \to_{\mathcal{A}} s$ does not
belong to $L_i$, and thus $L_{\mathcal{A}}(s) \cap L_i = \emptyset$.



2 Decision Algorithm 

We first build the product automaton A according to Section J corresponding 
to fixed rewrite system TZ and languages {Li, . . . , L^}. 

Example 2. Let us consider a signature with exactly one binary symbol $f$ and one
constant $a$. Let $\mathcal{R}$ be the rewrite system with only one rule $r = f(\alpha, \beta) \to f(a, \alpha)$.
Let $\mathcal{L}$ be the set $\{L_1, L_2\}$ where $L_1$ = {t | t t} = {a} and $L_2$ is the set
of well-balanced trees over $f$ and $a$. The product automaton will be, in a more
compact way than the one that should be issued by the construction of Section,
$\mathcal{A} = (\{a, f\}, \{s_a, s_f, s_p\}, \{s_a, s_f, s_p\}, \Delta)$ with $\Delta$:

$a \to s_a$; $\quad f(s_a, s_a)[\top] \to s_f$;

$f(s_f, s_f)[x_1 = x_2] \to s_f$; $\quad f(s_f, s_f)[x_1 \neq x_2] \to s_p$;

$f(s, s')[\top] \to s_p$ for every $(s, s') \neq (s_f, s_f)$.

We have $L_{\mathcal{A}}(s_a) = L_1$ and $L_{\mathcal{A}}(s_a) \cup L_{\mathcal{A}}(s_f) = L_2$.

Definition 2 (Input problems). An input problem $P$ is such that neither
$x \not\to^r x$, nor $x \notin L_i$, nor $x \in L_i$ occurs in $P$ and such that $x \neq y$ occurs for every
couple of distinct variables $x$ and $y$ and for every variable $x$, there exists some
state $s$ such that $x \in L_{\mathcal{A}}(s)$ occurs in $P$.

To obtain a problem $Q'$ that fulfills such properties from any problem $Q$ of the
existential fragment of $T_{\mathcal{R},\mathcal{L}}$, proceed with nondeterministic transformations:

1. For any constraint $x \not\to^r x$ in $P$, choose a state $s$ such that $L_{\mathcal{A}}(s) \subseteq L_r$ and
replace $x \not\to^r x$ by a membership constraint $x \in L_{\mathcal{A}}(s)$.

2. For any couple of distinct variables $x$, $y$ such that $x \neq y$ is not in $P$, either
add $x \neq y$ or substitute $x$ by $y$.

3. For any membership constraint $x \notin L_i$, choose $s$ such that $L_{\mathcal{A}}(s) \cap L_i = \emptyset$
and replace $x \notin L_i$ by $x \in L_{\mathcal{A}}(s)$.

4. For any membership constraint $x \in L_i$, choose $s$ such that $L_{\mathcal{A}}(s) \subseteq L_i$ and
replace $x \in L_i$ by $x \in L_{\mathcal{A}}(s)$.

5. For any variable $x$, choose a state $s$ and add $x \in L_{\mathcal{A}}(s)$ to $P$.

Clearly, there is a finite number of choices for every transformation, because
the set of states is finite. (So, $Q$ is satisfiable if and only if at least one of the
outcomes of the transformation is.)

When $L_r$ is not empty, there are states $s_{r_1}, \ldots, s_{r_k}$ in the product automaton
$\mathcal{A}$ such that $\bigcup_{1 \le i \le k} L_{\mathcal{A}}(s_{r_i}) = L_r$. In the first step we select one of them. (If $L_r$
is empty, then there is no such state and the problem is unsatisfiable.) In the
second step we guess for every couple of variables whether they are equal or not.
The three last steps are similar to the first one.

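Example 3 (continued).

Let $P$ be $x \to^r y \wedge y \not\to^r z \wedge x' \in L_2$. A possible input problem obtained
from $P$, if we let $y = z$, is $P_0$: $x \to^r y \wedge y \in L_{\mathcal{A}}(s_a) \wedge x \in L_{\mathcal{A}}(s_f) \wedge x \neq y \wedge x' \in
L_{\mathcal{A}}(s_f) \wedge x' \neq x \wedge x' \neq y$.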

The decision algorithm takes as input two parameters: i) an input problem
P; ii) a list of problems, initially empty, that will memorize problems. It
nondeterministically transforms problems according to a set of inference rules. The
transformation essentially modifies the rewriting part of problems, that is, the atomic
formulae whose variables occur in a rewriting constraint, and the other parts
remain unchanged. When no clash is discovered, termination is based either on
the emptiness of the rewriting part or on an equivalence relation = on problems
that avoids infinite computations.

We use several notations we define now. 

Definition 3. Let P be a problem. 

— The rewriting part of P is P^ = P^^ A P^^ A P^^ where 

• P^^ is the conjunction of atomic formulas x y, x 7 ^’’ y, x x 
occurring in P. 
• is the conjunction of atomic formulas x G i^(s) occurring in P
such that X G VaifP^^).

• P^^ is the conjunction of atomic formulas x ^ y occurring in P such 
that x,y G VaifP^^). 

— The difference part of P, denoted by P^, is the conjunction all of atomic 
formulas x ^ y occurring in P. 

— The membership part of P, denoted by P^ , is the conjunction of atomic 
formulas x G L_^{s) occurring in P. 

A clash can be discovered because there are too many differences, with respect 
to membership constraints. In our example, two distinct variables cannot belong 
to the set L^{s). 

Definition 4. Let P be an existential problem ofT-jz.c- 

$$D_P(s) = \mathrm{Card}(\{x \in Var(P) \mid (x \in L_{\mathcal{A}}(s)) \text{ is in } P\})$$

Intuitively, $D_P(s)$ is the minimal number of different ground terms which
must be in $L_{\mathcal{A}}(s)$ if we want to satisfy the constraints of the form $x \in L_{\mathcal{A}}(s)$.

Example j (continued). Given input problem Pq, we have P^ = x y A x G 
LA{sf) Aye L_A.{sa) A X ^ y, P^ = x' ^ X A x' ^ y A X ^ y, P^ = x e 
Ljx{sf) Aye Ljx{sa) Ax' e Lyi(s/) and for instance Dp{sa) equals to 1. 

Definition 5. Let Q and P be two problems. We denote Q = P if and only if
there exists a variable renaming p, i.e. an injective mapping from Var(Q) into
Var(P), such that p(Q^) = P^.

Algorithm 

1: DecShallow(P, PP) : Boolean 

{P is a problem, PP a list of problems} 

2: if P contains $\bot$ then
3: Return FAIL

4: else if there exists a state $s \in S$ such that $D_P(s) > \mathrm{Card}(L_{\mathcal{A}}(s))$ then
5: Return FAIL

6: else if Q — with Q G PP then 
7: Return FAIL 

8: else if P^ is empty then 
9: Return TRUE 

10: else 

11: Push P^ on PP. 

{Guess a head symbol for each variable in P^.}
12: Let /i,...,/„ inP” 

13: Let P(°) be P^[a;i//i(-?), . ..,Xn/fn(^)] 

with {xi, . . ., Xn} = Var(P^) and x' is a sequence of new variables. 
{Guess differences and equalities between variables} 
14: Guess a partition on variables Var(P*^°^) = tt^ and let be the problem obtained by

15: Fix a variable in each class tt^ 

16: For each i substitute every x in tt^ by Xt^ 

17: For each i^j i ^ j, add ^ 

{Propagate or delete differences.}

18: Let be the closure of under $S_{diff}$.

{Propagate or delete membership constraints.}

19: Let P^^i be the closure of P^^i under $S_{member}$.

{Propagate or delete rewritings.}

20: Let p("^i be the closure of Pi^i under $S_{gen}$, $S_{apply}$.

{Simplify the problem with equalities and differences.}

21: Let p(®i be the closure of P^^i under $S_{equal}$.

{Recursive call with the new problem.}

22: Return DecShallow(P', PP)

23: end if 

The inference rules ($S_{equal}$, $S_{diff}$, $S_{gen}$, $S_{apply}$, $S_{member}$) are given for
quasi-shallow rewrite systems. They can easily be adapted for any rewrite system. In
contrast, termination is proved only for quasi-shallow rewrite systems.

In order to explain this algorithm, we distinguish termination tests and the 
rest of the procedure called the inference part. 



Inference Let us focus on Lines^^^Jto study problem transformations. 

In lines^^^3 a root symbol is guessed for each variable in the rewriting part, 
and new variables are introduced. Note that we are only interested in transfor- 
mations of the rewriting part of the problem and we get rid of membership and 
differences parts. 

For any pair x,y of those new variables, we guess in Line^Jwhether x = y or 
X y. After, we proceed in such a way predicates 7 ^’', € or — only involve 
variables and not terms of the form f(xi, . . . , x„). 

— Considering atomic formulae /("af) yf g{lf), differences must be propagated 
(if f = g) or deleted (if f ^ g) to the corresponding new variables in iP and 

This is done in Line^3’''^ifh the system Sag- 

— In Line^J a similar treatment is done for membership constraints. It just 
consists in following the automaton rules. 

— In Line^J rewrite (resp. non-rewrite) relations are deleted or propagated. 
This is done with the two systems Sgen and Sappiy Recall that t t' if t 
rewrites to t' by rule r at the root position of t and t' . 

Of course, this step introduces new equalities and new differences between vari- 
ables because some rewrite rules may be non linear. Hence a simplification of the 
problem inferred in Line^Jmust be done. Since a guess has been done in Line 
^Jconcerning equalities or differences between new variables, the simplification 
just consists in two rules, a clash or a substitution, see the system Sequai- 
Termination tests Termination is controlled in Lines^H We give an informal
presentation through four cases: 

1. Clash (LineH: the problem contains the symbol _L. This is inferred from 
simple contradictions, e.g. x = y and x ^ y. Clashes can also be discovered 
because a non-rewrite relation cannot be satisfied (see for example rule ^3)- 
When a clash is inferred, the meaning is that choices that have been done 
do not lead to a solution. 

2. Too many differences (LineH- recall that the quantity Dp{s) denotes the 
number of distinct variables whose interpretation must belong to Ly^{s). 

3. Loop (LineH: the current problem is “solution-equivalent” to a problem 
inferred before — i.e. in PP. This is the main test necessary to obtain ter- 
mination. Two problems P and Q are solution-equivalent if they contain 
the same (non-)rewritings and the same membership constraints up to some 
variable renaming in their rewriting part. 

4. Solution (Line^: There is no more rewriting nor non-rewriting constraints 
in the problem. The problem obtained only contains difference constraints 
and membership constraints. The test Linejensures that the conjunction 
of memberships and differences is satisfiable. 



Delete the differences already solved by the choice of the head symbol.

$$\frac{f(\vec{x}) \neq g(\vec{y}) \wedge P}{P} \quad (1)$$

► Where $f \neq g$.

Propagate differences.

$$\frac{f(\vec{x}) \neq f(\vec{y}) \wedge P}{x_i \neq y_i \wedge P} \quad (2)$$

► Where the arity of $f$ is strictly greater than 0.

Unsatisfied differences.

$$\frac{a \neq a \wedge P}{\bot} \quad (3)$$

► Where $a$ is a constant.

Rule system 1: System $S_{diff}$. Propagate or delete differences.



3 Concluding Remarks 

Extensions Restriction on rewrite systems implies that no unification constraint
of the form $x = t$ where $t \in T(\mathcal{F}, \mathcal{X})$ occurs in problems inferred along a
computation. This property shows that satisfiability depends only on
membership and rewriting constraints. When we relax restrictions on rewrite
systems, this property is lost, and thus we cannot prove termination. (By the way,
Propagate or delete a membership constraint.

$$\frac{f(\vec{x}) \in L_{\mathcal{A}}(s) \wedge P}{\bigwedge_i x_i \in L_{\mathcal{A}}(s_i) \wedge P} \quad (4)$$

► Where $f(s_1, \ldots, s_n) \to s \in \mathcal{A}$.

First clash. No rule in the automaton.

$$\frac{f(\vec{x}) \in L_{\mathcal{A}}(s) \wedge P}{\bot} \quad (5)$$

► If there is no rule $f(s_1, \ldots, s_n) \to s \in \mathcal{A}$.

Second clash. The automaton is deterministic.

$$\frac{f(\vec{x}) \in L_{\mathcal{A}}(s) \wedge f(\vec{x}) \in L_{\mathcal{A}}(s') \wedge P}{\bot} \quad (6)$$

► If $s \neq s'$.

Rule system 2: System $S_{member}$. Propagate or delete membership constraints.



with some slight modification of the inference system, one can design a
semi-algorithm.)

For instance, let us consider P = {x = h{xi,X2) ; x X2 ; x\ y\ 
with r = /(ofi,a2) ^ 02 and r' = /(ai,a2) — ^ 3(<ai,02)- Due to equalities 
introduced between terms at different height, we can generate a sequence of 
problems whose size is increasing (w.r.t. our ordering). We do not succeed in 
finding a criterion (or a strategy) to limit such expansion while preserving both 
termination and completeness. 

It seems that difficulty arises as soon as one collapsing rule of the form
$f(\alpha_1, \alpha_2) \to \alpha_1$ is allowed, even in the case of positive constraints. For a
better understanding of the problem, a first step could be the study of the case
when all variables occur at the same height. Another direction of research could be
the study of strategies in the application of our inference rules in order to obtain
termination while preserving completeness.



Connections with Context Unification Recent works on Context Unification and
One Step Rewriting show that both problems are closely related.
But the transition from context unification to rewriting constraints uses
collapsing rules which are not quasi-shallow. This connection suggests studying
techniques applied for stratified unification in order to reformulate
them in our framework.
A rule may be applied at the root position...

f(^)^ o(Y)AP

...or below the root position (propagation). Let us choose subterms where the
rewriting applies and let us say that other subterms are pairwise equal.



/(^) gilf) A P 

/(^) fl(Y) A P 



/(^) /(r)AP 

Vi Ajju Xj =Vj/\P 



Now for non rewrite relations. 



/(^) tA’’ 5(iT) a P 

(9) 

/(^) fl(Y) A P 

► Where / / 5 . 



There are three cases for non-rewrite relations below the root position. In all cases, the
non-rewriting relation has to be satisfied at the root position. First case: propagation
where subterms differ.

f{^) /(r)AP 

(10) 

/(^) 7^: /(in A Xi tA'- yi a yi Xj = yj A P 



Second case: elimination. Two subterms differ. 

/(^) n" /(Y)AP 

( 11 ) 

/(^) frl f{~f) Axif^yiAXmf^ymAP 

► Where I -f m. 



Third case: membership. When all subterms are pairwise equal, the non-rewrite relation 
has to be propagated to every subterm position. But we use membership constraints to 
say that a term cannot be rewritten in itself. 

f{^) n" /(Y)AP 

(12) 

/(■^) filt) Aiixi = ViAXi£ La(s)) a P 

► Where s is a state such that La{s) C Lr. 



Rule system 3: The Sgen system expresses that a (non-)rewriting relation has 
to be satisfied either at the root position or below. It is correct for every term 
rewriting system. 
Apply a rewrite relation. The first part concerns equalities and the second part concerns
ground terms.



/(?) fl(?)AP 



f\ (xj=xt)A /\ {xl € LA{Sc,iJ) A P 

(j ,k ,l (o,i)GJ 



(13) 



► Where r is of the form /(a^) ^ g{oA) and I = {{j,k,l,m) \ a\ = a^, {j,k} C 
{1,2}, {j,l) -fi (fc,m)} and J = {(o, i) | a), € T{T)} and s^i is such that LAis^i) = 
{a*}. 



A rewrite relation clashes. 

/(?) g{P)AP 



(14) 



_L 

► Where r is of the form f'{c(^) 
ff'(a 2 ) and f f or g' g. 



For non-rewrite relations. First case: the 
rule has not the good shape. 



fi'x^) -h\ g{~t) A P 



(15) 



► Where r = a 
or Head{fi) 7 ^ g. 



P and TLead{a) 7^ / 



Second case: An equality is not satisfied. 
An equality constraint concerns subterms 
in the left hand side, or the right hand side 
or subterms in both sides. 



/(?) 7^; g{P)AP 



x\ xI^AP 



(16) 



► Where r is of the form /(q^) ^ g{oP) 
where Oj = and {j, fc} C { 1 , 2 } and 
(},/) 7 ^ (fc, m). 



Third case: The rule is of the good shape 
and there is no equality constraint in the 
rule. 



/(^) g{~f) A P 



_L 



(17) 



► Where r = a ^ fi and Var(a) Pi 
Var(/ 1 ) = 0 and TLead{a) = f and 
Head{P) = g. 



Fourth case: Ground parts in the rule assure the non rewriting relation. 

/(^) g{lf) A P 



4 e La{s)AP 



► Where r is of the form /(q^) ^ g{oP) and s is such that La{s) Pi {cfif} = 
(i,o)G J={(o,i)|4eT(P)}. 



(18) 
0 and 



Rule system 4: The $S_{apply}$ system consists in rules that apply (non-)rewritings.
It is correct only for quasi-shallow rewrite systems.



Clash.

$$\frac{x \neq x \wedge P}{\bot} \quad (19)$$

Substitution.

$$\frac{x = y \wedge P}{P[x/y]} \quad (20)$$

Rule system 5: System $S_{equal}$. Treatment of equalities and differences.
A New Result about the Decidability of the
Existential One-Step Rewriting Theory*

LIFO, Université d’Orléans (France), {limet | rety}@lifo.univ-orleans.fr



Abstract. We give a decision procedure for the whole existential fragment
of one-step rewriting first-order theory, in the case where rewrite
systems are linear, non left-left-overlapping (i.e. without critical pairs),
and non $\epsilon$-left-right-overlapping (i.e. no left-hand-side overlaps on top
with the right-hand-side of the same rewrite rule). The procedure is
defined by means of tree-tuple synchronized grammars.



1 Introduction 

Given a signature $\Sigma$, the theory of one-step rewriting for a finite rewrite system
is the first order theory over the universe of ground $\Sigma$-terms that uses the only
predicate symbol $\to$, where $x \to y$ means $x$ rewrites into $y$ by one step.

It has been shown undecidable in Sharper undecidability results have
been obtained for some subclasses of rewrite systems, about the $\exists^*\forall^*$-fragment
and the $\exists^*\forall^*\exists^*$-fragment

It has been shown decidable for the positive existential fragment Q, in the 
case of unary signatures Q, in the case of linear rewrite systems whose left and 
right members do not share any variables and for the whole existential 
fragment in the case of shallow rewrite systems without collapsing rules 

In comparison with Q, our result also excludes collapsing rules because of
the stronger restriction: no $\epsilon$-left-right-overlaps. On the other hand, it includes
non shallow rewrite rules. In comparison with linearity of rewrite rules is also
assumed, but it includes the rewrite rules whose members share variables. To
get this possibility using a technique based on tree automata or tree grammars,
we must ensure that the two occurrences of each shared variable are replaced
by identical terms. This cannot be performed by ground tree transducers.
Automata with equality and disequality constraints can, but they cannot perform
the closure of (one-step) rewriting by context application.

On the other hand tree-tuple synchronized grammars (TTSG for short) can
correctly perform both variable instantiations and context applications, thanks
to synchronizations. TTSG’s have been introduced by the authors to solve some
equational unification Q and disunification Q problems.

* A full version of this paper is available in 

^ Formally, for each rewrite rule $l \to r$, the two terms $l$ and $r'$ are not unifiable,
where $r'$ is a renaming of $r$ such that $Var(l) \cap Var(r') = \emptyset$.

^ Even the theory of several-step rewriting is decidable. 



P. Narendran and M. Rusinowitch (Eds.); RTA’99, LNCS 1631, pp. 118-^^^ 1999. 
© Springer-Verlag Berlin Heidelberg 1999
Given an existential formula in the prenex form, our decision procedure
consists in the following steps:

First: because of the restrictions, every predicate of the form $x \to x$ has
no solutions (see Lemma H in Section ^3): they are replaced by the predicate
without solutions $\bot$. Next, the formula is transformed into a disjunction of
conjunctions of items of the form $x \to y$ or $\neg(x \to y)$. The solutions of $x \to y$ and
of $\neg(x \to y)$ are tree-pair languages, which can both be generated by TTSG’s
(see Section 3).

Second: the solutions of a conjunctive factor are obtained by making natural
joins (called intersection in this paper). Let $x \to y \wedge C$ (or $\neg(x \to y) \wedge C$) be
a conjunctive factor and assume that the solutions of $C$ have been computed
already, as a tree-tuple language. The size of tuples is the number of distinct
variables appearing in $C$. Three kinds of intersections are needed: over $n$
components, $n \in \{0, 1, 2\}$, according to the number of variables shared by $x \to y$
and $C$. Of course, if $n = 0$ this is the Cartesian product.

Third: the solutions of the entire formula (without quantifiers) are obtained
by making unions of languages of tree-tuples of different sizes. By making
Cartesian products with the language of all ground terms, we can lengthen tuples so
that they all have the same length.

Fourth: the validity of the existentially quantified formula is tested thanks to 
an emptiness test performed on the solutions of the formula without quantifiers. 



2 Overview of TTSG’s 

This section briefly recalls notions and existing results about TTSG’s. For a more
formal presentation and proofs see We use the classic notions of terms and
term rewriting systems. Let us just make a few notations precise. For any occurrences
$u, v$, $u < v$ means that $u$ is a strict prefix of $v$, i.e. $v = u.w$ for some $w \neq \epsilon$.
For any term $t$, $O(t)$ is the set of occurrences of $t$ and $t(u)$ is the symbol of $t$
that appears at occurrence $u$. Moreover we extend the notion of occurrences to
tuples in a natural way i.e. (ti, . . . , tn)\i.u = if i S [1, n]. The arity of any
symbol $f$ is denoted by $ar(f)$. $\Sigma_{>i}$ contains the symbols of $\Sigma$ whose arity is
greater than $i$. lhs means left-hand-side.

A TTSG is a tree-tuple grammar whose terminals are the symbols of $\Sigma$, and
that contains:

- free productions, i.e. productions like those of a regular tree language:
$X \Rightarrow f(X_1, \ldots, X_n)$.

- synchronized productions: $\{X_1 \Rightarrow Y_1, \ldots, X_n \Rightarrow Y_n\}$, which means that $X_1$
is replaced by $Y_1$, ..., $X_n$ by $Y_n$ at the same time (and only at the same
® The symbols of $\Sigma$ are not allowed in formulas.

^ Lengthening tuples can be necessary even if the lengths are equal. Consider for ex- 
ample two tree-pair languages. If the one provides the valuations of the variables x, y 
while the other provides those of x, z, we have to extend both into triple languages 
providing the valuations of x, y, z, before making their union. 
time). They are always empty, i.e. they do not generate any terminals. A
set of productions synchronized together, like $\{X_1 \Rightarrow Y_1, \ldots, X_n \Rightarrow Y_n\}$, is
called a pack of synchronized productions.

A TTSG is denoted by $(\Sigma, NT, P, I)$ where $NT$ is the set of non-terminals, $P$
is the set of productions, and $I$ is the axiom. Languages generated by TTSG’s
are called synchronized languages. Note that regular tree-tuple languages are a
particular case of synchronized languages.

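Example 1. Let $\Sigma = \{f, g, a, b\}$ where $f, g$ are monadic symbols and $a, b$ are
constants. Consider the TTSG whose productions are:

$\{X \Rightarrow F,\ X' \Rightarrow G\}$, $\{X \Rightarrow A,\ X' \Rightarrow B\}$

$F \Rightarrow f(X)$, $G \Rightarrow g(X')$, $A \Rightarrow a$, $B \Rightarrow b$

Starting from the axiom $(X, X')$, we can derive

$(X, X') \Rightarrow (F, G) \Rightarrow^* (f(X), g(X')) \Rightarrow (f(F), g(G)) \Rightarrow^* (f(f(X)), g(g(X')))$

$\Rightarrow^* (f^n(X), g^n(X')) \Rightarrow (f^n(A), g^n(B)) \Rightarrow^* (f^n(a), g^n(b))$

Thus we get the language of pairs $\{(f^n(a), g^n(b)) \mid n \in \mathbb{N}\}$.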

However when dealing with non monadic signatures, there might be confusions
when some non-terminals occur several times in a tree. For example if $X$ occurred
twice and $X'$ also did in a tree-tuple derived from the axiom, there would be
two possible combinations of synchronizations. To avoid this ambiguity, a control
integer is associated to each non-terminal occurrence. To make understanding
easier, the way it works is explained in the sequel by means of Example^

A TTSG is without internal synchronizations if for each tree-tuple tt derived 
from the axiom and for each pack of productions PP that can be applied to tt, 
PP does not apply to several occurrences of the same component of tt. 

The TTSG defined in the above example is without internal synchronizations, 
whereas the below one is with. 

Example 2. Consider the 1-tuple language defined by the TTSG whose
productions are: $\{X \Rightarrow F,\ Y \Rightarrow A\}$, $\{X \Rightarrow A,\ Y \Rightarrow A\}$, $F \Rightarrow f(X, Y)$, $A \Rightarrow a$.
Starting from the axiom $F$ we have the derivation: $F \Rightarrow f(X, Y)$.

Now, the first (and also the second) pack of synchronized productions applies
to the single component $f(X, Y)$, and derives $X$ and $Y$ at the same time. Since
$X$ and $Y$ belong to the same component there are internal synchronizations.

The Cartesian product of two TTSG’s is a TTSG, obtained by making the 
union of their productions and the concatenation of their axioms. 

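The union of two TTSG’s that generate tuples of the same length is still a
TTSG. Let $G = (\Sigma, NT, P, (A_1, \ldots, A_n))$ and $G' = (\Sigma', NT', P', (A'_1, \ldots, A'_n))$
s.t. $NT \cap NT' = \emptyset$. Then $G \cup G' = (\Sigma \cup \Sigma',\ NT \cup NT' \cup \{B_1, \ldots, B_n\},\ P \cup P' \cup
\{\{B_1 \Rightarrow A_1, \ldots, B_n \Rightarrow A_n\}, \{B_1 \Rightarrow A'_1, \ldots, B_n \Rightarrow A'_n\}\},\ (B_1, \ldots, B_n))$.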

The intersection over $p$ components consists in making the Cartesian product,
except that $p$ fixed components in each grammar are merged (by making
intersections) together. It is the same as the natural join in relational data-bases.
Performing the intersection of two TTSG’s is much more difficult than making
their union. It has been shown in Q that the intersection over one component of
two TTSG’s is still a TTSG if at least one of the two components to be merged
has no internal synchronizations. In this case, the resulting component has none
either. The resulting TTSG needs a more precise control, carried out thanks to
integer pairs instead of single integers. Fortunately, the TTSG’s defined in the
sequel have no internal synchronizations.

The emptiness of TTSG’s is decidable assuming that no non-terminal 
appears more than once with the same control value. Some TTSG’s defined in 
the sequel do not satisfy this property, but they will if modifying them slightly, 
as explained in Q. 



3 Languages for Positive and Negative Predicates 

3.1 Basic Languages 

Let us define a few basic regular or synchronized languages we need in the follow- 
ing. The sets of non-terminals used by the below grammars are pairwise disjoint 
in order to avoid confusions when considering the union of their productions. 

1. The language of ground terms. 

This regular language is generated by the grammar GrG whose axiom is G
(G for ground) and whose productions are $G \Rightarrow f(G, \ldots, G)$ for each $f \in \Sigma$.

2. The language of pairs of arbitrary ground terms. 

This regular language is generated by the grammar GrTT' whose axiom is 
(T, T') (T for term) and whose productions are : 

/(T'V.V.^r ) } ^ ^ ^ 

3. The language of pairs of identical ground terms. 

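To get two identical terms, synchronizations are obviously necessary. This
synchronized language is generated by the grammar GrTT whose axiom is
$(T_1, T'_1)$, whose synchronized productions are:

$\{T_i \Rightarrow T_f,\ T'_i \Rightarrow T'_f\}$ for each $i \in [1, MaxArity]$ and each $f \in \Sigma$

and whose free productions are:

$T_f \Rightarrow f(T_1, \ldots, T_n)$, $T'_f \Rightarrow f(T'_1, \ldots, T'_n)$ for each $f \in \Sigma$

where MaxArity is the maximal arity of symbols of $\Sigma$, and $T_1, T_2, \ldots$
are non-terminals (respectively $T'_1, T'_2, \ldots$).

Example 3. Let $\Sigma = \{a, b, f\}$ where $a, b$ are constants and $f$ is a binary
symbol. The productions are:

$\{T_1 \Rightarrow T_a,\ T'_1 \Rightarrow T'_a\}$, $\{T_1 \Rightarrow T_b,\ T'_1 \Rightarrow T'_b\}$, $\{T_1 \Rightarrow T_f,\ T'_1 \Rightarrow T'_f\}$,

$\{T_2 \Rightarrow T_a,\ T'_2 \Rightarrow T'_a\}$, $\{T_2 \Rightarrow T_b,\ T'_2 \Rightarrow T'_b\}$, $\{T_2 \Rightarrow T_f,\ T'_2 \Rightarrow T'_f\}$,

$T_a \Rightarrow a$, $T'_a \Rightarrow a$, $T_b \Rightarrow b$, $T'_b \Rightarrow b$, $T_f \Rightarrow f(T_1, T_2)$, $T'_f \Rightarrow f(T'_1, T'_2)$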

® And integer tuples when making several intersections incrementally. 



122 S. Limet, P. Rety 



From the axiom (Ti, T{) we can derive (the control is written just above the 
non-terminals) : 

(Ti, T[) ^ {Tf, T}) (/(Ti,A), f{T[,T^)) 

^ {f{Tf,T2), f{T',h) U{f{T,A)A), f{f{T[A)A)) 

^ {f{f{TaA)A), f{f{T'aA)A)) if{f{a,T2),T2), /(/(a,T'),r')) 

Free productions leave control unchanged, whereas synchronized productions 
increase it into a value not yet used. At this stage, T 2 appears twice in the first 
component, while appears twice in the second one. Of course the leftmost 
T 2 must not be derived together with the rightmost into identical terms. 
This is the role of control integers : only non-terminals that have the same 
control integer can be derived (synchronized) together. So : 

^ {f{f{a,n),T 2 ), f{f{a,Tl),T')) (/(/(a, 6), ^), f{f{a,b),T')) 

^(/(/(a,6),£), f{f{a,b),h) if if {a, b), a), /(/(a, 6), a)) 

4. The language of contexts. 

A context is a ground term that contains one hole denoted by $\bot$ ($\bot \notin \Sigma$).
This regular language is generated by the grammar GrC whose axiom is C
(C for context) and whose productions are those of GrT plus:

G^± 

^ . ff^ T G T Tl ^ each f Cz A>o 

and each position of C as an argument of / 

5. The language of pairs of identical contexts. 

The hole of the second component is denoted by $\bot'$ instead of $\bot$. This
synchronized language is generated by the grammar GrCC whose axiom
is $(C_1, C'_1)$, whose productions are those of GrTT plus the synchronized
productions:

{Cl ^ Gx, G{ ^ Cil 

{Cl C/,i, C{ Gf ^} for each / e A>o and each z G {1, . . . , ar(/)} 
and the free productions : 

C_L ^ T, C(l ^ T' 

C/,i ^ /(Ti, . . .,Ti_i,Ci,Ti+i, . . .,T„) for each / e A>o 

^'f,i ^ and each z G {1, . . . , ar{f)} 

where Ci, Cj_, C/,i, . . . are non-terminals (respectively G[,G'j_, . . .). 

6. The language of pairs of different ground terms. 

The idea consists in generating a branch that contains at least one clash 
(only the first one is forced), and anything elsewhere. This synchronized 
language is generated by the grammar GrTT whose axiom is {D,D') {D 
for different), whose productions are those of GrTT' plus the synchronized 
productions (C/ is for generating every term whose root symbol is /) : 

{D Df^i, D' D'f i} for each / G A>o and each z G {1, . . .,ar(/)} 
{D Gf, D' G'g} for each f,g G S s.t. / yf 5 
and the free productions:

Df,i=> f{T,...,T,D,T,...,T) for each / e X'>o, i € {1, . . . ,ar{f)}, 
D'j: ^ f{T', . . . , T' , D' , T' , . . . , T') s.t. D {D') is the argument of / 

G^lT/(rvV.', r) } ^ ^ ^ 

where are non-terminals (respectively D'f i, ■ ■ ■ , G'j , . . .). 

We can also deal with formulas that contain the equality predicate since the
solutions of $x = y$ are generated by GrTT, and those of $\neg(x = y)$ by GrTT.
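The role of control integers in Example 3 can be replayed in code. The following Python simulation is an added example, not the authors' implementation: it derives pairs with the grammar of Example 3, giving each synchronized step a fresh control value and letting free productions copy it, and it also shows what goes wrong when the partner non-terminal is chosen without looking at the control value. The tuple encoding of terms, the `NT` record, the leftmost derivation strategy and all function names are assumptions of this sketch.

```python
from collections import namedtuple

# A non-terminal occurrence. kind is ("arg", i) for T_i or ("sym", s) for T_s;
# ctrl is its control integer. Primed copies are the ones in the second component.
NT = namedtuple("NT", "kind ctrl")
ARITY = {"a": 0, "b": 0, "f": 2}          # signature of Example 3


def nt_occurrences(t, kind_test, u=()):
    """Occurrences, left to right, of non-terminals whose kind passes kind_test."""
    if isinstance(t, NT):
        return [u] if kind_test(t.kind) else []
    return [v for i in range(1, len(t))
            for v in nt_occurrences(t[i], kind_test, u + (i,))]


def at(t, u):
    for i in u:
        t = t[i]
    return t


def put(t, u, s):
    """Replace the subtree of t at occurrence u by s."""
    if not u:
        return s
    return t[:u[0]] + (put(t[u[0]], u[1:], s),) + t[u[0] + 1:]


def free_step(t):
    """Free productions T_s => s(T_1, ..., T_n): the control value is copied."""
    for u in nt_occurrences(t, lambda k: k[0] == "sym"):
        s, c = at(t, u).kind[1], at(t, u).ctrl
        t = put(t, u, (s,) + tuple(NT(("arg", i), c)
                                   for i in range(1, ARITY[s] + 1)))
    return t


def derive(symbols, respect_control=True):
    """Leftmost derivation from the axiom (T_1, T'_1).

    symbols lists the head symbol guessed at each synchronized step; once it
    is exhausted the constant "a" is used so that the derivation terminates.
    """
    pair = (NT(("arg", 1), 0), NT(("arg", 1), 0))
    fresh = 1
    symbols = iter(symbols)
    while True:
        left = nt_occurrences(pair[0], lambda k: k[0] == "arg")
        if not left:
            return pair
        u = left[0]
        nt = at(pair[0], u)
        same_kind = nt_occurrences(pair[1], lambda k: k == nt.kind)
        if respect_control:
            # only the primed copy carrying the same control integer may fire
            v = [w for w in same_kind if at(pair[1], w).ctrl == nt.ctrl][0]
        else:
            # deliberately wrong: take the rightmost copy, whatever its control
            v = same_kind[-1]
        new = NT(("sym", next(symbols, "a")), fresh)   # fresh control value
        fresh += 1
        pair = (free_step(put(pair[0], u, new)),
                free_step(put(pair[1], v, new)))
```

With the guesses `f, f, a, b, a` the controlled derivation ends in the pair (f(f(a,b),a), f(f(a,b),a)) reached in Example 3, while the uncontrolled one pairs the inner T_2 with the outer T'_2 and yields two different terms.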

3.2 The Language $\mathcal{L}$ of Solutions of $x \to y$

Now, the grammar Gr that generates $\mathcal{L}$ can be easily defined. Roughly speaking,
we have to generate all $(C[\sigma l], C[\sigma r])$.

1. The language of rewrite rules. 

This is the set of pairs of terms $(l, r)$ where $l \to r$ is a rewrite rule whose
variables are replaced in the following way: each variable $x$ of $l$ (resp. $x$ of
$r$) is replaced by the new symbol $X$ (resp. $X'$). Note that $X, X' \notin \Sigma$. This
language is finite, hence regular. Let GrLR be a grammar that generates this
language, and let $(L, R)$ be its axiom.

2. The language $\mathcal{L}$.

$\mathcal{L}$ is generated by the grammar Gr whose axiom is $(C_1, C'_1)$, whose
productions are those of GrCC (for generating two identical contexts), plus those
of GrLR (for generating left and corresponding right-hand-sides), plus those
of GrG and GrTT (for generating ground instances), plus the synchronized
productions (for making links between the four used grammars):

$\{\bot \Rightarrow L,\ \bot' \Rightarrow R\}$

and, for each rule $l \to r$:

$\{X \Rightarrow T_1,\ X' \Rightarrow T'_1\}$ for each $x \in Var(l) \cap Var(r)$

$\{X \Rightarrow G\}$ for each $x \in Var(l) \setminus Var(r)$

$\{X' \Rightarrow G\}$ for each $x \in Var(r) \setminus Var(l)$

Note that $\bot, \bot', X, X', \ldots$ are now considered as non-terminals.

3.3 The Language of Solutions of $\neg(x \to y)$

We guess that the languages generated by TTSG’s are not closed under complement.
Fortunately, we need only to complement the language $\mathcal{L}$, which is a particular
case. Instead of computing the complement of Gr, we directly represent by
a TTSG (denoted Gr), by studying the solutions of $\neg(x \to y)$ carefully.

Definition 1. Let $t_1, t_2$ be two different ground terms. Let $u_{c_1}, \ldots, u_{c_n}$
(exhaustive list) be the outer clash occurrences between $t_1$ and $t_2$, i.e.

$$\forall i,\ u_{c_i} \in O(t_1) \cap O(t_2) \ \wedge\ t_1(u_{c_i}) \neq t_2(u_{c_i}) \ \wedge\ \forall u < u_{c_i},\ t_1(u) = t_2(u)$$

A father of clashes is any occurrence $u_{fa}$ located outer than or equal to all outer
clash occurrences (i.e. $\forall i,\ u_{fa} \le u_{c_i}$). Note that all fathers are located on the
same branch, going from occurrence $\epsilon$ to the innermost father $u_{if}$.
The notions of father and innermost father are essential with respect to
one-step rewriting. Indeed, if $t_1 \to_{[u,\, l \to r]} t_2$, all clashes between $t_1$ and $t_2$ must
disappear when replacing $\sigma l$ by $\sigma r$. Then necessarily $u$ is a father occurrence
(otherwise at least one clash located outer than $u$ or in another branch would
not disappear when rewriting $t_1$). In other words, if $u$ is not a father occurrence,
then $t_1 \not\to_{[u]} t_2$.
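The observation above can be checked mechanically. The following Python sketch is an added example, not code from the paper: it computes outer clash occurrences and fathers as in Definition 1 and lists the occurrences at which one ground term rewrites into another in one step, so that the two sets can be compared. The tuple encoding of terms, the helper names and the sample rule f(x, a) → g(x) are assumptions made for the illustration; symbols have a fixed arity and right-hand-side variables are assumed to occur in the left-hand side.

```python
# Ground terms are nested tuples ("f", t1, ..., tn); a constant is ("a",).
# Rule variables are plain strings. An occurrence is a tuple of 1-based
# argument indices; () is the root occurrence (epsilon).

def subterm(t, u):
    for i in u:
        t = t[i]
    return t


def replace(t, u, s):
    """t[u <- s]"""
    if not u:
        return s
    return t[:u[0]] + (replace(t[u[0]], u[1:], s),) + t[u[0] + 1:]


def occurrences(t, u=()):
    yield u
    for i in range(1, len(t)):
        yield from occurrences(t[i], u + (i,))


def outer_clashes(t1, t2, u=()):
    """Occurrences where the symbols differ while all strict prefixes agree."""
    if t1[0] != t2[0]:
        return [u]
    return [c for i in range(1, len(t1))
            for c in outer_clashes(t1[i], t2[i], u + (i,))]


def fathers(t1, t2):
    """All prefixes of the innermost father (longest common prefix of clashes)."""
    clashes = outer_clashes(t1, t2)
    if not clashes:
        return []                      # identical terms: no clash, no father
    u_if = clashes[0]
    for c in clashes[1:]:
        k = 0
        while k < min(len(u_if), len(c)) and u_if[k] == c[k]:
            k += 1
        u_if = u_if[:k]
    return [u_if[:k] for k in range(len(u_if) + 1)]


def match(pattern, t, subst):
    """Match a linear left-hand side against a ground term."""
    if isinstance(pattern, str):
        subst[pattern] = t
        return subst
    if pattern[0] != t[0] or len(pattern) != len(t):
        return None
    for p, s in zip(pattern[1:], t[1:]):
        if match(p, s, subst) is None:
            return None
    return subst


def instantiate(pattern, subst):
    if isinstance(pattern, str):
        return subst[pattern]
    return (pattern[0],) + tuple(instantiate(p, subst) for p in pattern[1:])


def rewrite_occurrences(t1, t2, rules):
    """Occurrences u such that t1 rewrites into t2 by one step at u."""
    hits = []
    for u in occurrences(t1):
        for l, r in rules:
            s = match(l, subterm(t1, u), {})
            if s is not None and replace(t1, u, instantiate(r, s)) == t2:
                hits.append(u)
                break
    return hits


# Constructed sample data.
a, b = ("a",), ("b",)
RULES = [(("f", "x", a), ("g", "x"))]            # f(x, a) -> g(x)
T1 = ("h", ("f", b, a), ("f", a, a))
T2 = ("h", ("g", b), ("f", a, a))                # T1 rewritten at occurrence 1
T3 = ("h", ("g", b), ("g", a))                   # both redexes of T1 rewritten
```

For the pair (T1, T2) the only rewrite occurrence is a father; for (T1, T3) the clashes lie in two branches, the root is the only father, and no single step turns T1 into T3.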

Assume now that some left-hand-side $l$ overlaps in $t_1$ at some father
occurrence $u$, i.e. $t_1 = t_1[u \leftarrow \sigma l]$ and $u \le u_{if}$.

Lemma 2. Within $t_1 = t_1[u \leftarrow \sigma l]$, if $l$ does not cover the innermost father
occurrence $u_{if}$, i.e. $u_{if} = u.v.w$ where $v$ is a variable occurrence of $l$, then
$t_1 \not\to_{[u,\, l \to r]} t_2$.



Lemma 3. No term can rewrite by one step into itself.

Consequently, $t_1 \not\to t_2$ iff one of the three following cases holds.

1. Some left-hand-sides $l_1, \ldots, l_k$ (exhaustive list) overlap in $t_1$ at father
occurrences, and cover the innermost father occurrence $u_{if}$, but the terms reached
by one-step rewriting thanks to these redexes are all different from $t_2$.

2. No left-hand-side overlaps in $t_1$ at father occurrences.

3. $t_1$ and $t_2$ are identical.

Let $\mathcal{L}_{\text{case-1}}$, $\mathcal{L}_{\text{case-2}}$, $\mathcal{L}_{\text{case-3}}$ be the languages of pairs of ground terms $(t_1, t_2)$
defined by respectively case 1, case 2, case 3. Thus the language of solutions of
$\neg(x \to y)$ is $\mathcal{L}_{\text{case-1}} \cup \mathcal{L}_{\text{case-2}} \cup \mathcal{L}_{\text{case-3}}$.

The language $\mathcal{L}_{\text{case-3}}$ is generated by the grammar GrTT. For $\mathcal{L}_{\text{case-1}}$ (resp.
$\mathcal{L}_{\text{case-2}}$), we split the problem into two simpler ones. We define:

- the language $\mathcal{L}_0$ of pairs of different ground terms $(t_1, t_2)$, where the
innermost father occurrence $u_{if}$ is marked by replacing in $t_1$ the symbol (say $g$)
appearing at $u_{if}$ by a new symbol $g_{if}$. This amounts to dealing with the
extended set of symbols $\Sigma' = \Sigma \cup \Sigma_{if}$ that contains an additional symbol $g_{if}$
for each symbol $g \in \Sigma$.

- and the language $\mathcal{L}_1$ (resp. $\mathcal{L}_2$) of pairs of ground terms $(t_1, t_2)$, such that
$t_1$ contains one symbol of $\Sigma_{if}$ at an arbitrary position $u_{if}$ and such that
the condition of case 1 (resp. case 2) is satisfied, $u_{if}$ being considered as the
innermost father.

Note that $\mathcal{L}_1$ (resp. $\mathcal{L}_2$) does not ensure that $u_{if}$ is the actual innermost father
position with respect to the existing clashes between $t_1$ and $t_2$. This is the role
of $\mathcal{L}_0$. Therefore $\mathcal{L}_{\text{case-1}} = \mathcal{L}_0 \cap \mathcal{L}_1$ (resp. $\mathcal{L}_{\text{case-2}} = \mathcal{L}_0 \cap \mathcal{L}_2$) after replacing
each symbol of $\Sigma_{if}$ by the corresponding symbol of $\Sigma$. Note that this symbol
replacement does not change anything with respect to emptiness.
Generating $\mathcal{L}_0$: it contains all pairs of the form ($C$ is any context and
means any ground term(s)):

1. $(C[f_{if}(\ldots)], C[g(\ldots)])$ where $f \neq g$. This is the particular case where there
is only one outer clash. And then the innermost father and the outer clash
coincide.

2- {C[g{. . . , S2, ■ ■ ■ , S2, ■ ■ ■)] where si yf S2, s'l yf s'2. 



The grammar $Gr_0$ that generates $\mathcal{L}_0$ can be easily defined thanks to the
previously defined grammars. Its axiom is $(C_1, C'_1)$ and its productions are those of
GrCC (for generating two identical contexts), plus those of GrTT' (for
generating pairs of arbitrary ground terms), plus those of GrTT (for generating pairs
of different ground terms), plus the productions for case 1 (O as Outer clash,
NO as Non Outer clash) which are:






Of, T' ^ Og} for each f,g € S s.t. / yf 5 

O/ 



O 



f 






and the productions for case 2 (T means T, . . . ,T) : 

for each g £ X ’>2 












NO. 

NO' 



9.* J 



9,*J 



' 9if{T,Di,T, D2,T) 
g{T',D[,T',D' 2 ,T') 

{Di 

{D 2 



and each i,j £{!,... ,ar{g)} s.t. i < j 
for each g £ S> 2 , i,j £ {1, . . . ,ar{g)} s.t. i < j 
where Di (D() is the argument 
D 2 {D' 2 ) is the argument 
D, D[ ^ D'} 

^D,D'2^ D'} 



where Of, NOgfj, . . . are non-terminals (respectively O'g, . . ., NO'g^j , . . .). 



Generating $\mathcal{L}_1$: Assume some left-hand-side $l$ overlaps in $t_1$ at some father
occurrence $u$, s.t. $l$ covers $u_{if}$ within $t_1$. We have $u \le u_{if}$ and $t_1 = t_1[u \leftarrow \sigma l]$.
Let $t'$ be the term obtained by rewriting $t_1$ at occurrence $u$: $t' = t_1[u \leftarrow \sigma r]$.

Let us first show that the following assumption is impossible: suppose there
is another (or the same) left-hand-side $l'$ that overlaps in $t_1$ at some position
$u' \le u_{if}$, s.t. $l'$ also covers $u_{if}$. Since $l$ and $l'$ are both linear, and moreover
they share the same occurrence $u_{if}$ of $t_1$, they overlap necessarily, which is in
contradiction with the non left-left-overlapping restriction.

Therefore, to ensure that G 7 ^ ^ 2 , checking that ^2 is different from t' is 
enough. In other words, £1 contains all pairs (G, G) of the form {0[akf], 0[ar\} 
where G is any context, a is any substitution, I ^ r is any rewrite rule, lif is 
obtained from I by replacing one arbitrary symbol (say /) by the corresponding 
symbol of Sif (i.e. /i/), and 0[ar] denotes any term different from 0[ar], 

However, the above explanation does not take into account the possibility
of having several $t'$ for fixed $t_1$, $u$, $l \to r$; in other words several $C[\sigma r]$ for one
$C[\sigma l_{if}]$. This case happens when $r$ contains some variables that do not appear
in $l$, since these variables can be instantiated by any ground term. So, forcing
a clash with respect to some $t'$ within the instances of such variables does not
ensure that we get a term different from all potential $t'$. To process this case
correctly, we just have to force the clash elsewhere.

Besides, the clashes between $t_1$ and $t_2$ occur only below $u_{if}$. As $u_{if}$ belongs
to the part brought by $l_{if}$, there is no clash in the part brought by $C$. So
computing as (^[CTr] U C[ 6 r\ where ar denotes an instance of r different 

from err and Or denotes any term non instance of r, is enough. Or again, C\ can 
be computed as the union of the languages L'l and CJ[ defined below. 

- A = iC[akf], C[ar]). 

The TTSG that generates C[ looks like Gr (language £ in Section ^ 3 - 
The main difference is that an arbitrary variable of $Var(l) \cap Var(r)$ (don’t
know choice) is instantiated in $l$ and $r$ by two different terms, thanks to
GrTT, while other variable occurrences are replaced by any ground term.
Thus there is at least one clash between the substitution applied to $l_{if}$ and
the one applied to $r$.

- G{={G[akf],G[W]). 

The TTSG that generates £" looks like Gr as well, except that to generate 
Or, we generate an arbitrary branch of r that reaches to a clash with a non 
variable occurrence of r, and any ground terms on the other branches and 
below the clash. 



Generating $\mathcal{L}_2$: $\mathcal{L}_2$ contains all pairs $(t_1, t_2)$ such that $t_1$ is any ground term
that does not belong to the projection on the first component of $\mathcal{L}_1$, and $t_2$ is any
ground term. The projection on the first component of $\mathcal{L}_1$ contains the terms of
the form $C[\sigma l_{if}]$, which is obviously a regular language. Its complement is also
a regular language. $\mathcal{L}_2$ is obtained by computing the Cartesian product between
the complement and the language of all ground terms.

The complement is computed with respect to $\Sigma \cup \Sigma_{if}$. So it contains, among
others, terms that contain no or several symbols of $\Sigma_{if}$. These terms are wrong
because they do not make sense. But it does not matter since these wrong terms
will be deleted when making the intersection with $\mathcal{L}_0$, all terms of which contain just
one symbol of $\Sigma_{if}$.

4 Intersection over Several Components 

The intersection over several components is needed because of conjunctions in
formulas and also for computing $\mathcal{L}_{case-1}$ and $\mathcal{L}_{case-2}$. Lengthening the tuples
by making Cartesian products with the language of all ground terms (to get
tuples of the same size), and nesting tree-tuples below a new symbol (to get
single trees), makes it possible to transform the intersection over several components into a
classical intersection between tree languages. Thus in the following, we deal with
tree synchronized grammars (TSG for short) instead of TTSG’s. However these

® Actually, this is not ensured by £ 1 , but this will hold when computing £0 H £ 1 . 

^ There is only one innermost father. 

® In the same way as done when making unions. See footnote 5, or Q for more details. 
TSG’s contain internal synchronizations even if the initial TTSG’s do not. As
guessed in Q, we think that in general, the resulting language cannot be gen- 
erated by a TSG. Fortunately, the TTSG’s to be processed satisfy the following 
particular property : the difference of depth between any two synchronized points 
is bounded. Of course it still holds in the corresponding TSG’s. However this dif- 
ference is not necessarily equal to 0, which causes a major difficulty, as explained 
in Section This difficulty is solved in Section ^3 by first transforming the 
grammars to make the depth difference equal to 0. 

4.1 Intersection of TSG’s 

Recall that in the most general case, control numbers are actually integer-tuples.
So in the following, the synchronized grammars are denoted by 5-tuples instead
of 4-tuples because a new component (the first one) has been added to mention
the size of these integer-tuples. Packs of synchronized productions are denoted
by $\{\ldots\}_k$ where $k$ is an integer (called the level of the pack) meaning that only
the $k$-th component of the control tuple is incremented when applying the pack
(see B for more details). $Rec(G)$ denotes the language recognized (generated)
by the grammar $G$.

The TSG intersection is mainly based on the regular tree grammar intersection.
The difference is that we have to take care of control numbers. In order to
make the intersection of $G_1$ and $G_2$, consider $G_3$ as defined below.

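Definition 4. Let $G_1 = (s_1, C_1, NT_1, P_1, I_1)$ and $G_2 = (s_2, C_2, NT_2, P_2, I_2)$
be two TSG’s.

Let $G_3 = (s_1 + s_2, C_1 \cup C_2, NT_1 \times NT_2, Fr \cup Sn_1 \cup Sn_2, I_1I_2)$ where

- $Fr = \{X_1X_2 \Rightarrow c(Y_{1,1}Y_{2,1}, \ldots, Y_{1,n}Y_{2,n})$ such that
  $X_1 \Rightarrow c(Y_{1,1}, \ldots, Y_{1,n}) \in P_1$ and $X_2 \Rightarrow c(Y_{2,1}, \ldots, Y_{2,n}) \in P_2\}$

- $Sn_1 = \{\{X_1Y_1 \Rightarrow X'_1Y_1, \ldots, X_nY_n \Rightarrow X'_nY_n\}_k$ such that
  $\{X_1 \Rightarrow X'_1, \ldots, X_n \Rightarrow X'_n\}_k \in P_1$ and $\forall i \in [1,n]$ $Y_i \in NT_2\}$

- $Sn_2 = \{\{X_1Y_1 \Rightarrow X_1Y'_1, \ldots, X_nY_n \Rightarrow X_nY'_n\}_{s_1+k}$ such that
  $\{Y_1 \Rightarrow Y'_1, \ldots, Y_n \Rightarrow Y'_n\}_k \in P_2$ and $\forall i \in [1,n]$ $X_i \in NT_1\}$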

The control tuples of $G_3$ are obtained by concatenating those of $G_1$ with
those of $G_2$. This avoids confusion between the control coming from
$G_1$ and that coming from $G_2$ when deriving $G_3$.

It is easy to verify that $Rec(G_3) \subseteq Rec(G_1) \cap Rec(G_2)$ because of the way $G_3$
is built (the proof is done with a classical induction on the length of the
derivations of $G_3$). But unfortunately $Rec(G_1) \cap Rec(G_2) \not\subseteq Rec(G_3)$, as illustrated by
the following example.

Example 4. Let $C = \{c, s, 0\}$, $NT_1 = \{X_i \mid i \in [1,6]\}$, $NT_2 = \{Y_i \mid i \in [1,6]\}$,

$P_1 = \{X_1 \Rightarrow c(X_2, X_3), X_2 \Rightarrow s(X_4), X_5 \Rightarrow s(X_6), X_6 \Rightarrow 0, \{X_3 \Rightarrow X_5, X_4 \Rightarrow X_6\}_1\}$,

$P_2 = \{Y_1 \Rightarrow c(Y_3, Y_2), Y_2 \Rightarrow s(Y_4), Y_5 \Rightarrow s(Y_6), Y_6 \Rightarrow 0, \{Y_3 \Rightarrow Y_5, Y_4 \Rightarrow Y_6\}_1\}$

Let $G_1 = (1, C, NT_1, P_1, X_1)$ and $G_2 = (1, C, NT_2, P_2, Y_1)$

$G_3 = (2, C, NT_1 \times NT_2, Fr \cup Sn_1 \cup Sn_2, X_1Y_1)$ where
$Fr = \{X_1Y_1 \Rightarrow c(X_2Y_3, X_3Y_2), X_2Y_2 \Rightarrow s(X_4Y_4), X_5Y_5 \Rightarrow s(X_6Y_6),$
$X_2Y_5 \Rightarrow s(X_4Y_6), X_5Y_2 \Rightarrow s(X_6Y_4), X_6Y_6 \Rightarrow 0\}$

$Sn_1 = \{\{X_3Y_i \Rightarrow X_5Y_i, X_4Y_j \Rightarrow X_6Y_j\}_1$ such that $i, j \in [1,6]\}$ and
$Sn_2 = \{\{X_iY_3 \Rightarrow X_iY_5, X_jY_4 \Rightarrow X_jY_6\}_2$ such that $i, j \in [1,6]\}$

Obviously $Rec(G_1) = Rec(G_2) = \{c(s(0), s(0))\}$. Unfortunately $Rec(G_3) = \emptyset$.
Indeed $X_1Y_1^{0,0} \Rightarrow c(X_2Y_3^{0,0}, X_3Y_2^{0,0})$ and no more productions can be applied
because $X_2Y_3$ requires a non terminal of the form $X_iY_4$ to perform a
synchronization and $X_3Y_2$ requires a non terminal of the form $X_4Y_j$. So each branch
of the term is waiting for the other, which is a kind of deadlock. This happens
because $G_1$ and $G_2$ have leaning synchronizations, i.e. in their derivation appear
some synchronization points that are at different depths. So a sufficient condi- 
tion to get Rec{G3) C Rec{G\) n Rec{G2) is that Gi and G2 have no leaning 
synchronizations. This condition clearly still holds for G3. 

In fact, a leaning synchronization is a set of non-terminals such that their
reduction may cause depth differences between further synchronization points.

In the following definition, |u| is the depth of the occurrence u, is a step 
that applies a pack of productions of level i, and tt denotes a derivation 
that does not apply any packs of level i s.t. tt is either irreducible or reducible 
only by packs of level i. 

Definition 5. Let G = {S, C, NT, P, I) be a TSG. 

A synchronization of level i is a set of non-terminals which is either {/} or 
{^1, . . . , ^ri} such that 3{^l X'^, . . . , X^ ^n}i G P ■ 

For {Xi , . . . , Xn} a synchronization of level i, Next{{Xi , . . . , Xn}) denotes the 

ci dfi d d,^ 

set defined by {{h , . . .,t„} s.t. {Xi , . . .,X„) {X{, . ..,Xf) (ti , . . 

For the synchronization {/} and for each level i, Next{{!}) = t}- 

A synchronization {^1, . . . , Xn} of level i is said leaning if 3 tt G Next{{Xi , . . . , 
Xn}), 3 u,u' G 0 {tf) such that both tt{u) , tt{u') are non-terminals and |u| yf |u'|. 
A synchronization {Xi, . . . , Xn} of level i is said finite if Next{{Xi, . . . , Xn}) 
is a finite set. 

A TSG without leaning synchronizations is called a balanced TSG. 



Lemma 6. Let $G$ be a balanced TSG, in any derivation of $G$, if
$\{X_1 \Rightarrow Y_1, \ldots, X_n \Rightarrow Y_n\}_i$ applies at occ. $u_1, \ldots, u_n$ then $|u_1| = \ldots = |u_n|$.

This property prevents from deadlocks when making intersection because all syn- 
chronized non terminals are always at the same depth. Unfortunately, the TSG’s 
built from one-step rewriting formulas are not necessarily balanced because vari- 
ables may appear at different depths in the rewrite rules. The only non-balanced 
languages are C and L}, due to the leaning synchronization {_L,_L'} and the 
pack {_L L, U R}. This leaning synchronization cannot be applied in- 
finitely many times (actually only once), which prevents from increasing the 
depth difference between synchronization points in an unbounded way. So the 
object of the next subsection is to give an algorithm to transform such grammars 
(called quasi-balanced) into balanced ones. 

4.2 From Quasi-balanced to Balanced TSG’s

Definition 7. Let G be a TSG and {^i, Xn} a synchronization of level i. 

ct 1 ct.fl 

{Xi, . . . , Xn} is said recursive if there exists a tuple tt s.t. {Xi , . . . , X„) tt 
whereof G [^,n] dj\i = ct\\i (the other components of the controls being any) 

and there exist ui,...,Un G 0{tt) such that Vj, tt{uj) =Xj and ctj\i = ct'{\i. 
Otherwise {Xi , . . . , Xn} is said non-recursive. 

A TSG G is said quasi-balanced if any leaning synchronization is finite and 
non-recursive. 

Now, we have to prove that the class of languages recognized by quasi- 
balanced TSG’s is the same as the class of languages recognized by balanced 
TSG’s. For that we give an algorithm that transforms any quasi-balanced TSG 
into a balanced one. 

The main idea of this algorithm is to re-organize synchronizations so that the
synchronized points appear at the same depth. To do that, the algorithm "cuts"
the slopes at the depth of the higher synchronized non-terminal. This cutting
operation needs the algorithm to look in advance at the tree-parts that will be
generated later. For that it creates new non-terminals whose names encode the
tree-parts to be produced. For the sake of simplicity we present the algorithm
for TSG’s whose control numbers are single integers (which is enough for the
one-step rewriting problem).

First, let us define the new non-terminals and the way to decode their names. 



Definitions. Let G = (1, C, 7VT, PP, /) be a TSG. AheadNT(G) = {X* \ 
X G NT, i G IN , t G T{C, NT x IN) LI {e} } where e is a new symbol. 

i ^2 

Let X*€ AheadNT(G), term{X^) =X when t = e and t otherwise. 

Roughly speaking, $X$ is the actual non-terminal, $t$ is the term to be generated
from $X$ (if $t = e$ there is no restriction on the term generated from $X$). So the
function term allows to look ahead in the derivation. Note that AheadNT(G)
is infinite, but thanks to the non-recursivity of leaning synchronizations only a
finite part will be used by the algorithm. In the following $term(\{A_1, \ldots, A_n\})$
where $\forall i$, $A_i \in$ AheadNT(G), will denote $\{term(A_1), \ldots, term(A_n)\}$. Now let
us define some notations needed in the algorithm.

Definition 9. Let G = (1,C, NT, P, L) be a TSG and s be a finite subset of 
AheadNT(G). s is said 

i 

— free if V X*G s there exists a free production X c{X\, . . ., Xn) G P and 
either t = e or t = c(ti , . . . , t„). Moreover we denote, 

NF{s) = Li {X{\...,Xl^-} andNFP{s) = L i {h ^ c{X{\ . . . , Xf«)} . 
minimally synchronized ifU » term{X*) contains only synchronized non-terminals
and all these non-terminals can be derived (i.e. none of them are

i i 

waiting for another non-terminal of its synchronization) and\f X*G s, s\{X* 

il i„ 

} is not minimally synchronized. In that case, NS{s) = {{Xl^ , . . . , X)^ 

'i'l in 

} such that term{s) term{{Xl^ , . . . , X)^"}) where one and only one 
synchronized production has been applied to each non-terminal ofterm(s). 

NSP{s) = such that s = {Yf\ . . . , Y^-}, {x\^ 

, . . . , Xlp} G NS{s) and term{s) term{{X\^ j ■ ■ ■ j 

i i 

completely synchronized z/V X~^G s, term{X*) contains only synchronized 

in 

non- terminals. In that case, Pa{s) = {{Xl^ , . . . , X)^} such that this set is 
minimally synchronized }. 

Now the algorithm is given thanks to these 4 inference rules. 

D TDu{s} R D TDu{s} R 

D U {s} TD U {s'} \D Ru{p} D U {s} TD U Pa{s) \D R 



D 



TD U {«} 



R 



D U {«} TD U NF{s) \D RU NFP{s) 



(3) 



D TDu{s} R ,,, 

D U {s} TD U NS(s) \D RU NSP(s ) '' '' 

i 

(1) Look Ahead if s is not free and Y^G s such that term{t) term{t') with 
the free production X c{Xi, . . ., A„). 

2 ^ 2 ^ 
p denotes the production and s' the set (s \ {F*}) U {F* } 

(2) Partition if s is completely synchronized but not minimally synchronized. 

(3) Free if s is free. 

(4) Sync if s is minimally synchronized. 



Comments: D stands for Done, TD for To Do and R for Result. To transform
a quasi-balanced TSG $G$ into a balanced one, one has to initialize the sets D and
R to $\emptyset$, and TD to $\{I\}$ (i.e. the axiom of $G$). Then the inference rules are applied
in a don’t care way as long as possible. At the end, R contains the productions
of the new TSG (the non-terminals being deduced from the productions). For
each step, $s$ is a subset of AheadNT representing non-terminals appearing at the
same depth in a derivation of $G$, associated with their ahead terms when leaning
synchronizations are detected. The role of each inference rule is the following:

Look Ahead is applied when $s$ is neither free nor totally synchronized, which
means that at the same depth in a synchronization of $G$ there are some
non-terminals waiting for synchronization and some others that can be derived with
a free production. This case happens while visiting leaning synchronizations. So
Look Ahead will apply the free productions on the Ahead terms of the
non-terminals instead of the actual non-terminal to find the next synchronization
points. It generates empty free productions (i.e. productions that do not produce
any terminal symbols). These productions can be easily eliminated afterwards
but they simplify all the proofs.

Partition is applied when s is completely synchronized, which means that 
term{s) contains only synchronized non terminals, so the ahead terms are big 
enough to know what will happen when applying a synchronized pack of produc- 
tions on non-terminals appearing at different depths. So partition divides s in 
subsets which are minimally synchronized, i.e. the non-terminals of each subset 
are actually bound by synchronization constraints. 

Free is applied when s is free i.e. when all the non-terminals of s can be 
derived without synchronization constraints. So the free productions are applied 
on the Ahead non-terminals at the same time in order to keep the new non- 
terminals at the same depth. The free productions are stored in the result. 

Sync is applied when s is minimally synchronized (i.e. all the non-terminals 
of term{s) are actually to be synchronized) and the ahead terms are big enough 
to know what happens next, all the possibilities are explored and all the corre- 
sponding new synchronized productions are created. Note that thanks to Free 
we know that the ahead non-terminals of s always appear at the same depth in 
a derivation of the new TSG. 

The application of the inference rules terminates because the depth between 
two synchronization points is bounded, so the depth of the Ahead terms is 
bounded, so the number of AheadNT’s used in the algorithm is bounded, so 
the number of different sets of AheadNT’s is bounded. 

So from a quasi-balanced TSG G = (1, C, NT, P, I) we get G' = (1, C, NT, R, 

0 

T). G' is balanced from its construction. The last step is to prove that Rec{G) = 
Rec{G'). For that we make a correspondence between derivations of G' and 
derivations of G using the terms of G' where AheadNT’s have been expanded 
with the function term. 



5 Further Work: Weakening the Restrictions 

A referee has pointed out that our method can be easily extended to deal with
rewrite systems that have critical pairs between different rules. If the rewrite
system is $R = \{r_1, \ldots, r_n\}$, just replace each $x \to y$ in the formula by
$x \to_{[r_1]} y \lor \ldots \lor x \to_{[r_n]} y$, bring the formula into a disjunctive form, and adjust the
method (which is easy) to take into account the new predicate symbols.

Besides, we conjecture that the method could be extended to deal with
rewrite systems that have non linear right-hand-sides, and collapsing rules.

I.e. non e-left-right-overlapping is still assumed, except for collapsing rules.

The non-linearity of rhs’s creates internal synchronizations in languages.
However the difference of depth between synchronization points is bounded. 
The intersection problem in this case has been solved already in Section^ and 
the proof of lemma H seems to still hold. On the other hand, it seems nearly 
impossible to weaken the linearity of left-hand-sides because $\mathcal{L}_2$ is obtained by
complementing a regular language, which would not be regular any more. Of
course, a reduction automaton could be used, but it would not be deterministic,
which prevents computing the complement.

Within $\mathcal{L}_1$, the verification that the rewrite step is impossible is ensured by
the failure of one rewrite rule applied at one occurrence. This is enough thanks to
the restrictions. But we think that the number of failures to be ensured becomes
unbounded if there are e-left-right-overlapping rules that are non-collapsing.

So the question still arises : is the existential fragment of one-step rewriting 
theory without any restrictions decidable ? 

Abstract. We present the first fully syntactic (i.e., non-interpretation-
based) AC-compatible recursive path ordering (RPO). It is simple, and 
hence easy to implement, and its behaviour is intuitive as in the stan- 
dard RPO. The ordering is AC-total, and defined uniformly for both 
ground and non-ground terms, as well as for partial precedences. More 
importantly, it is the first one that can deal incrementally with par- 
tial precedences, an aspect that is essential, together with its intuitive 
behaviour, for interactive applications like Knuth-Bendix completion. 



1 Introduction 



Rewrite-based methods with built-in associativity and commutativity (AC) 
properties for some of the operators are well-known to be crucial in theorem 
proving and programming. Therefore a lot of work has been done on the de- 
velopment of suitable AC-compatible reduction or simplification orderings, like 






tial additional property of the ordering that is needed in order to preserve the 
completeness of most rewrite-based theorem proving techniques (modulo AC) is 
AC-totality, i.e. the totality on (AC-different) ground terms. 

Since the initial attempts, it has always been an aim to obtain AC-compatible 
versions of Dershowitz’ recursive path ordering as it is simple, easy to 

automate and use, and normally orients the rules in an adequate direction. In 
we gave the first RPO-based AC-total and AC-compatible reduction or- 
dering without any restriction on the number of AC-symbols or on the precedence 
over the signature. Unfortunately, although being defined in terms of RPO, it 
does not behave like RPO; e.g. it does not orient the distributivity rule in the 
“right” (i.e. distributing) way, since a transformation on the terms is applied 
before using RPO (this approach, with different transformations, is also used in 
among others). Therefore, a better approach seems to be to directly ap- 
ply an RPO-like scheme, treating as the only special case the AC-equal-top case, 
that is, when both terms to be compared are headed by the same AC-symbol. 
In this direction the first AC-compatible simplification ordering with an RPO 
scheme was defined in and the first one AC-total on ground terms in 



* Partially supported by the ESPRIT working group CCL-II, ref. WG # 22457. and 
the CICYT project HEMOSS ref. TIC98-0949-C02-01 



P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 133-^^| 1999. 
@ Springer-Verlag Berlin Heidelberg 1999 





134 Albert Rubio 



Other simpler proposals for AC-orderings with RPO scheme were given
in and in

However, all these AC-orderings need to interpret terms (apart from flatten- 
ing) in some way, which makes their behaviour less intuitive, unlike it happens 
with the standard RPO, whose simple fully syntactic definition has been an 
important reason for its success. 

In this paper we propose the first fully syntactic AC-RPO, i.e., no interpreta- 
tion is needed apart from flattening. It is simple, and hence easy to implement, 
and its behaviour is intuitive as for the standard RPO. The ordering is AC- 
total, and defined uniformly for both ground and non-ground terms, as well as 
for partial precedences. 

Moreover, precisely due to the fact that it is not interpretation-based, it is
the first AC-RPO that can deal incrementally with partial precedences, i.e. if
$s \succ t$, then $s \succ t$ under any extension of the precedence. This aspect is essential,
together with its intuitive behaviour, for interactive applications like
Knuth-Bendix completion. Of course, previously existing orderings could work with
partial precedences, but in a useless way, simply by considering an arbitrarily
chosen total extension of the partial precedence, and hence losing
incrementality.

In order to introduce the concepts smoothly we give the ordering in three 
steps, first for ground terms and total precedences, then for terms with vari- 
ables and total precedences and finally for terms with variables and partial 
precedences, each definition strictly extending the previous one. For this rea- 
son we prove all properties only for the last one, showing that it is indeed an 
AC-compatible simplification ordering. 

The paper is organized as follows. In the following section we give some 
basic notions and definitions. In sectionHwe introduce the ordering for ground 
terms and total precedences. Sectionals devoted to terms with variables and 
total precedences. In sectionHwe generalize the previous ordering for dealing 
with partial precedences and in sectionHwe prove that it is an AC-compatible 
simplification ordering. Conclusions are given in section H 

2 Preliminaries 

In the following we consider that $\mathcal{F}$ is a finite set of function symbols that is
(partially) ordered by a precedence $\succ_{\mathcal{F}}$, where $\mathcal{F}_{AC}$ is the subset containing all
AC-symbols of $\mathcal{F}$.

The arity of a function symbol $f$ is a natural number that indicates the
number of arguments that $f$ may take. If $f \in \mathcal{F}_{AC}$ then its arity is greater than
or equal to 2. $T(\mathcal{F})$ and $T(\mathcal{F}, \mathcal{X})$ are defined as usual according to these arities,
if $\mathcal{X}$ is a set of variables, whose elements will be denoted by $x, y, z, \ldots$, possibly
with subscripts. The size of a term $t$, i.e. the number of symbols of $t$, is denoted
by $|t|$.

We denote by $=_{AC}$ the congruence generated on $T(\mathcal{F}, \mathcal{X})$ by the associativity
and commutativity axioms for the symbols in $\mathcal{F}_{AC}$. In what follows we will
ambiguously use $=_{AC}$ to also denote the standard extension of AC-equality to
multisets (and in fact to any other structure).

A term rewriting system (TRS) is a (possibly infinite) set of rules $l \to r$
where $l$ and $r$ are terms. Given a TRS $R$, $s$ rewrites to $t$ with $R$, denoted by
$s \to_R t$, if there is some rule $l \to r$ in $R$, $s|_p = l\sigma$ for some position $p$ and
substitution $\sigma$ and $t = s[r\sigma]_p$.

In the following terms are flattened wrt. the AC-symbols. The flattening of
t, denoted by t, is the normal form of t wrt. the infinite TRS containing the rules

$f(x_1, \ldots, x_n, f(y_1, \ldots, y_m), z_1, \ldots, z_r) \to f(x_1, \ldots, x_n, y_1, \ldots, y_m, z_1, \ldots, z_r)$

for every $f \in \mathcal{F}_{AC}$ and $n, m, r > 0$. Due to flattening, the AC-symbols have a
variable arity. We assume that all other symbols have a fixed arity.

Let $s$ and $t$ be two terms such that $s = f(s_1, \ldots, s_m)$ and $t = g(t_1, \ldots, t_n)$. If
$s =_{AC} t$ then $f = g$, $m = n$ and $s$ is equal to $t$ up to permutation of arguments
for the AC-symbols. We will denote this equality up to permutation of arguments
also by $=_{AC}$. The top-flattening of a term $s$ wrt. an AC-symbol $f$, denoted by
$tf_f(s)$, is a string of terms defined as $tf_f(f(s_1, \ldots, s_n)) = s_1, \ldots, s_n$ and $tf_f(s) = s$
if $top(s) \neq f$.

Let $s$, $t$, $s'$ and $t'$ be arbitrary terms in $T(\mathcal{F}, \mathcal{X})$, let $u$ be a non-empty
context in $T(\mathcal{F}, \mathcal{X})$ and let $\sigma$ be a substitution. Then an ordering $\succ$ on $T(\mathcal{F}, \mathcal{X})$
(a transitive irreflexive relation) is monotonic if $s \succ t$ implies $u[s] \succ u[t]$, and
stable under substitution if $s \succ t$ implies $s\sigma \succ t\sigma$. Monotonic orderings that are
stable under substitution are called rewrite orderings. An ordering fulfills the
subterm property if $u[t] \succ t$ and the deletion property if $f(\ldots s \ldots) \succ f(\ldots \ldots)$
for every variadic symbol $f$. A rewrite ordering that fulfills the subterm property
and the deletion property is called a simplification ordering and is well-founded:
there are no infinite sequences $t_1 \succ t_2 \succ \ldots$ An ordering is AC-total on ground
terms if when $s$ and $t$ are ground terms, either $s \succ t$ or $t \succ s$ or $s =_{AC} t$. Finally
an ordering is AC-compatible if $s' =_{AC} s \succ t =_{AC} t'$ implies $s' \succ t'$.

Given a TRS $R$, a term $s$ rewrites to $t$ with $R$ modulo AC, denoted by
$s \to_{R/AC} t$, if $s =_{AC} s'$, $s'|_p = l\sigma$ for some term $s'$, position $p$ and substitution
$\sigma$, and $t =_{AC} s'[r\sigma]_p$. A TRS $R$ is terminating for rewriting modulo AC if there
is some AC-compatible simplification ordering $\succ$ such that $l \succ r$ for all rules
$l \to r$ in $R$.

Given a relation $\succ$, the (AC-)lexicographic extension of $\succ$ on sequences,
denoted by $\succ_{lex}$, is defined by: $(s_1, s_2, \ldots) \succ_{lex} (t_1, t_2, \ldots)$ if there is some $j$ s.t.
$s_j \succ t_j$ and we have $s_i =_{AC} t_i$ for all $i < j$.

Given a relation $\succ$, the (AC-)multiset extension of $\succ$ on finite multisets,
denoted by $\succ\!\!\succ$, is defined as $M = \{s_1, \ldots, s_m\} \succ\!\!\succ \{t_1, \ldots, t_n\} = N$ if (i) $M \neq \emptyset$
and $N = \emptyset$; or (ii) $s_i =_{AC} t_j$ and $M \setminus \{s_i\} \succ\!\!\succ N \setminus \{t_j\}$, for some $i$ in $1 \ldots m$ and
$j$ in $1 \ldots n$; or (iii) $s_i \succ t_{j_1} \land \ldots \land s_i \succ t_{j_k}$ and $M \setminus \{s_i\} \succeq\!\!\succeq N \setminus \{t_{j_1}, \ldots, t_{j_k}\}$ for
some $i$ in $1 \ldots m$ and $1 \leq j_1 < \ldots < j_k \leq n$ ($k > 0$), where $\succeq\!\!\succeq$ is the union of
$\succ\!\!\succ$ and $=_{AC}$. Alternatively (and equivalently if $\succ$ is AC-compatible), it can be
defined as the smallest transitive relation containing

$X \cup \{s\} \succ\!\!\succ Y \cup \{t_1, \ldots, t_n\}$ if $X =_{AC} Y$ and $s \succ t_i$ for all $i \in \{1 \ldots n\}$







In general we will consider that $\succeq$ is the union of a given ordering $\succ$ and $=_{AC}$.
If $\succ$ is an AC-compatible ordering on a set $S$ then $\succ\!\!\succ$ and $\succ_{lex}$ are respectively
an AC-compatible ordering on multisets of elements in $S$ and an AC-compatible
ordering on sequences of elements in $S$. Being more precise, in order to fulfil
transitivity we need $\succ$ to be both transitive and AC-compatible.

3 The Ordering for Ground Terms 

In this section we consider only ground terms, and assume that the prece- 
dence is total on the set of function symbols. First we introduce two different 
sets of terms obtained from a term headed by an AC-symbol. 

Definition 1. Let $s$ be a term of the form $f(s_1, \ldots, s_n)$ with $f \in \mathcal{F}_{AC}$.

- The set of terms embedded in $s$ through an argument headed by a small
symbol, denoted by $EmbSmall(s)$, is defined as

$\{f(s_1, \ldots, tf_f(v_j), \ldots, s_n) \mid s_i = h(v_1, \ldots, v_r) \land f \succ_{\mathcal{F}} h \land j \in \{1 \ldots r\}\}$

- The set of arguments of $s$ headed by a big symbol, denoted by $BigHead(s)$, is
defined as $\{s_i \mid 1 \leq i \leq n \land top(s_i) \succ_{\mathcal{F}} f\}$

We will now give the definition of the ordering on ground terms. 

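Definition 2. Let $s$ and $t$ be terms in $T(\mathcal{F})$. Then
$s = f(s_1, \ldots, s_n) \succ g(t_1, \ldots, t_m) = t$ if and only if

1. $s_i \succeq t$ for some $i \in \{1 \ldots n\}$, or

2. $f \succ_{\mathcal{F}} g$ and $s \succ t_i$ for all $i \in \{1 \ldots m\}$, or

3. $f = g \notin \mathcal{F}_{AC}$ and $(s_1, \ldots, s_n) \succ_{lex} (t_1, \ldots, t_n)$ and
$s \succ t_i$ for all $i \in \{1 \ldots n\}$, or

4. $f = g \in \mathcal{F}_{AC}$ and $s' \succeq t$ for some $s' \in EmbSmall(s)$, or

5. $f = g \in \mathcal{F}_{AC}$ and $s \succ t'$ for all $t' \in EmbSmall(t)$ and
$BigHead(s) \succeq\!\!\succeq BigHead(t)$ and either

(a) $BigHead(s) \succ\!\!\succ BigHead(t)$ or

(b) $n > m$ or

(c) $n = m$ and $\{s_1, \ldots, s_n\} \succ\!\!\succ \{t_1, \ldots, t_m\}$.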

The first three cases of this definition of course correspond to the standard
RPO. Cases 4 and 5 apply when both terms are headed by the same AC-symbol
$f$. The intuition behind them is very simple. On the one hand, in order to
obtain AC-compatibility, terms are considered in flattened form. On the other,
the symbols that disappear under flattening must still be taken into account in
order to obtain monotonicity. Let us consider an example.

Assume $f \succ_{\mathcal{F}} g$. Then, as in the standard RPO, we have of course $f(a, a) \succ g(a)$.
By monotonicity, if we add the context $f(a, [\,])$ and flatten, we must have
$f(a, a, a) \succ f(a, g(a))$, that is, the symbol $f$ that has been removed under
flattening is important in order to “take care” of the $g$. The number of such implicit
$f$’s depends of course on the number of arguments.

But, similarly, if $g \succ_{\mathcal{F}} f$, then $g(a) \succ f(a, a)$ and by monotonicity we should
have $f(a, g(a)) \succ f(a, a, a)$. Clearly, in this kind of situations where the
comparison of arguments headed by big symbols is conclusive, the number of such
implicit $f$’s is not important.

This motivates the three stage hierarchy in case 5: (a) first consider the
multisets of arguments headed by symbols bigger than $f$; (b) if these sets coincide,
then compare the number of arguments (i.e., the number of implicit $f$’s); (c)
finally, if both terms are equal under the previous two measures, then we can
safely compare the multisets of all (or only the small-headed ones) arguments in
the usual (multiset) way.

Of course, since any simplification ordering must contain the embedding
relation, we must have $s[g(\ldots t \ldots)]_p \succ s[t]_p$ for all $s$, $t$, $g$ and $p$. This indicates that
the use of $EmbSmall(s)$ and $EmbSmall(t)$ in cases 4 and 5 are no real restriction.

But the ideas of the three stage approach of case 5 can be safely applied
precisely due to the precondition stating that $s \succ t'$ for all $t' \in EmbSmall(t)$,
which prevents situations where $t$ is a term like $f(a, h(\ldots u \ldots))$, and where by
removing $h$ (with $f \succ_{\mathcal{F}} h$) we get $f(a, u)$, where $u$ can be headed by a big
symbol, or, if $u$ is headed by $f$, the number of arguments increases.

The following examples show the behaviour of the ordering when comparing 
terms headed by the same AC-symbol. 

Example 1. Let $h \succ_{\mathcal{F}} f \succ_{\mathcal{F}} g \succ_{\mathcal{F}} a \succ_{\mathcal{F}} b$
be the precedence. Then we have

1. $f(g(f(h(a),a)),a) \succ f(h(a),a,a)$ by case 4.

2. $s = f(h(a),g(a)) \succ f(g(h(a)),a) = t$ by case 5a, since
$s \succ f(h(a),a) \in \mathit{EmbSmall}(t)$ by case 4 and
$\mathit{BigHead}(s) = \{h(a)\} \succ\!\!\succ \emptyset = \mathit{BigHead}(t)$.

3. $s = f(g(h(a)),b,b,b) \succ f(g(f(h(a),a)),a) = t$ by case 5b since
$n = 4 > 2 = m$ and $\mathit{BigHead}(s) = \emptyset = \mathit{BigHead}(t)$ and
$s \succ f(h(a),a,a) = t' \in \mathit{EmbSmall}(t)$ by applying first case 4 and
then $s' = f(h(a),b,b,b) \succ t'$ by case 5b since
$\mathit{BigHead}(s') = \{h(a)\} = \mathit{BigHead}(t')$,
$\mathit{EmbSmall}(t') = \emptyset$ and $n = 4 > 3 = m$.

4. $s = f(h(a),a) \succ f(h(a),b) = t$, by case 5c since we have
$\mathit{EmbSmall}(t) = \emptyset$,
$\mathit{BigHead}(s) = \{h(a)\} = \mathit{BigHead}(t)$, $n = m = 2$ and
$\{h(a), a\} \succ\!\!\succ \{h(a), b\}$.
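
The four comparisons of Example 1 can be replayed mechanically. The following Python code is an added illustration, not code from the paper: it follows the five cases of the definition as they read on ground terms with a total precedence, and it assumes that EmbSmall(s) replaces one argument of s headed by a symbol smaller than f by one of that argument's own arguments and flattens again. All function names and the numeric ranks encoding the precedence are chosen here.

```python
from collections import Counter

# Setup of Example 1 (the numeric ranks are an encoding chosen here):
# total precedence h > f > g > a > b, and f is the only AC-symbol.
RANK = {"h": 5, "f": 4, "g": 3, "a": 2, "b": 1}
AC = {"f"}

def term(sym, *args):
    """Build a flattened term; AC arguments are sorted, so that equality
    modulo AC of ground terms is plain tuple equality."""
    if sym in AC:
        flat = []
        for arg in args:
            flat.extend(arg[1] if arg[0] == sym else (arg,))
        args = sorted(flat)
    return (sym, tuple(args))

def bigger(p, q):
    return RANK[p] > RANK[q]

def emb_small(s):
    """Terms embedded in s through an argument headed by a small symbol."""
    head, args = s
    return [term(head, *args[:i], v, *args[i + 1:])
            for i, (h, vs) in enumerate(args) if bigger(head, h)
            for v in vs]

def big_head(s):
    """Arguments of s headed by a symbol bigger than the head of s."""
    head, args = s
    return [arg for arg in args if bigger(arg[0], head)]

def mul_gt(left, right):
    """Strict multiset extension of gt, after cancelling equal elements."""
    l, r = Counter(left), Counter(right)
    rest_l, rest_r = list((l - r).elements()), list((r - l).elements())
    return bool(rest_l) and all(any(gt(x, y) for x in rest_l) for y in rest_r)

def mul_ge(left, right):
    return Counter(left) == Counter(right) or mul_gt(left, right)

def gt(s, t):
    """s > t for flattened ground terms, case by case."""
    (f, ss), (g, ts) = s, t
    if any(si == t or gt(si, t) for si in ss):                 # case 1
        return True
    if bigger(f, g):                                           # case 2
        return all(gt(s, ti) for ti in ts)
    if f != g:
        return False
    if f not in AC:                                            # case 3
        for si, ti in zip(ss, ts):
            if si != ti:
                return gt(si, ti) and all(gt(s, tj) for tj in ts)
        return False
    if any(e == t or gt(e, t) for e in emb_small(s)):          # case 4
        return True
    if not all(gt(s, e) for e in emb_small(t)):                # case 5
        return False
    bs, bt = big_head(s), big_head(t)
    if not mul_ge(bs, bt):
        return False
    return (mul_gt(bs, bt)                                     # 5a
            or len(ss) > len(ts)                               # 5b
            or (len(ss) == len(ts) and mul_gt(ss, ts)))        # 5c

a, b = term("a"), term("b")

def example1():
    """The four (s, t) pairs of Example 1."""
    f = lambda *xs: term("f", *xs)
    g = lambda x: term("g", x)
    h = lambda x: term("h", x)
    return [
        (f(g(f(h(a), a)), a), f(h(a), a, a)),
        (f(h(a), g(a)), f(g(h(a)), a)),
        (f(g(h(a)), b, b, b), f(g(f(h(a), a)), a)),
        (f(h(a), a), f(h(a), b)),
    ]

if __name__ == "__main__":
    for s, t in example1():
        print(gt(s, t), gt(t, s))
```

The function returns as soon as one case applies, so the case it uses for a given pair can differ from the one quoted in Example 1; the verdict is the same.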



Lemma 1. If $\succ_{\mathcal{F}}$ is total on the set of function symbols then
$\succ$ is AC-total on ground terms.

Proof. Let $s = f(s_1, \ldots, s_n)$ and $t = g(t_1, \ldots, t_m)$ be ground
terms. Then either $s \succ t$ or $t \succ s$ or $s =_{AC} t$. We proceed by
induction on $|s| + |t|$.

By induction hypothesis for every $s_i$ we have either $s_i \succeq t$ or
$t \succ s_i$, and for every $t_j$ we have either $s \succ t_j$ or
$t_j \succeq s$. On the other hand by totality of the precedence, either
$f \succ_{\mathcal{F}} g$ or $g \succ_{\mathcal{F}} f$ or $f = g$. Therefore,
either we conclude $s \succ t$ or $t \succ s$ by cases 1 or 2 or $s \succ t_j$
for all $t_j$ and $t \succ s_i$ for all $s_i$ and $f = g$.

If $f \notin \mathcal{F}_{AC}$ then, by induction hypothesis either
$s =_{AC} t$ or we can conclude $s \succ t$ or $t \succ s$ by case 3.

Finally if $f \in \mathcal{F}_{AC}$ then by induction hypothesis, either
$s \succ t'$ or $t' \succeq s$ for all $t' \in \mathit{EmbSmall}(t)$; and either
$t \succ s'$ or $s' \succeq t$ for all $s' \in \mathit{EmbSmall}(s)$. Therefore
either $s \succ t$ or $t \succ s$ by case 4 or $s \succ t'$ for all
$t' \in \mathit{EmbSmall}(t)$ and $t \succ s'$ for all
$s' \in \mathit{EmbSmall}(s)$. By induction hypothesis, either
$\mathit{BigHead}(s) \succ\!\!\succ \mathit{BigHead}(t)$ or
$\mathit{BigHead}(t) \succ\!\!\succ \mathit{BigHead}(s)$ or
$\mathit{BigHead}(s) =_{AC} \mathit{BigHead}(t)$. Therefore either $s \succ t$
or $t \succ s$ by case 5a or $\mathit{BigHead}(s) =_{AC} \mathit{BigHead}(t)$ and
then either $s \succ t$ or $t \succ s$ by case 5b or $m = n$, and by induction
hypothesis, we have either $s \succ t$ or $t \succ s$ by case 5c or
$s =_{AC} t$. $\Box$

The following theorem follows from corollary^and theorem ^ 

Theorem 1. $\succ$ is an AC-total AC-compatible simplification ordering on
$\mathcal{T}(\mathcal{F})$.



4 Terms with Variables 

In this section we consider terms with variables, but we still assume that the 
precedence is total on the set of function symbols. First, due to the presence of 
variables, the counting of arguments has to be adapted, since one cannot know 
how many arguments a variable will include when instantiated and flattened. 

Therefore in cases 5b and 5c instead of $n$ and $m$ we will use the following
notion of $\#(s)$ and $\#(t)$, and $n > m$ and $n = m$ become diophantine
inequations over the positive integers.

Definition 3. Let $s$ be a term. Then $\#(s)$ is an expression with variables on
the positive integers, defined as
$\#(f(s_1, \ldots, s_n)) = \#_v(s_1) + \ldots + \#_v(s_n)$, where $\#_v(x) = x$
and $\#_v(t) = 1$ if $t$ is not a variable.

For example, we have $\#(f(x,y,g(x))) = x + y + 1 > x + y = \#(f(x,y))$,
which is necessary to achieve stability under substitution.
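
How such an inequation can be decided is shown by the following Python code, added here as an illustration and not taken from the paper. It reads "#(s) > #(t)" as required for every assignment of positive integers to the variables, and uses the observation (an addition of this example) that a linear expression with non-negative variable coefficients is smallest when every variable equals 1. The term encoding, the variable names and all function names are assumptions of the example.

```python
from collections import Counter

VARIABLES = {"x", "y", "z"}   # assumption: these strings denote variables

def f(*args): return ("f", args)      # the AC-symbol, already flattened
def g(u): return ("g", (u,))
def h(u): return ("h", (u,))

def count(term):
    """#(s) for s = f(s1, ..., sn), as (coefficient per variable, constant)."""
    _head, args = term
    coeffs, const = Counter(), 0
    for arg in args:
        if isinstance(arg, str) and arg in VARIABLES:
            coeffs[arg] += 1          # #_v(x) = x
        else:
            const += 1                # #_v(t) = 1 for a non-variable t
    return coeffs, const

def evaluate(cnt, valuation):
    """Value of a count expression under a variable assignment."""
    coeffs, const = cnt
    return sum(c * valuation[v] for v, c in coeffs.items()) + const

def counterexample(s, t, strict=True):
    """Positive integer values for which #(s) > #(t) (or >= when strict is
    False) fails, or None when the inequation holds for all of them."""
    (cs, ks), (ct, kt) = count(s), count(t)
    diff = {v: cs[v] - ct[v] for v in sorted(set(cs) | set(ct))}
    values = dict.fromkeys(diff, 1)
    least = sum(diff.values()) + ks - kt   # #(s) - #(t) with every variable 1
    falling = [v for v, d in diff.items() if d < 0]
    if falling:
        # A negative coefficient: make that variable large enough to fail.
        values[falling[0]] += max(0, least) + 1
        return values
    holds = least > 0 if strict else least >= 0
    return None if holds else values

if __name__ == "__main__":
    # x + y + 1 > x + y holds for all positive x, y.
    print(counterexample(f("x", "y", g("x")), f("x", "y")))
    # x + 1 > 2 fails at x = 1, while x + 1 >= 2 always holds.
    s, t = f(g(g("x")), "x"), f(g("x"), g("x"))
    print(counterexample(s, t), counterexample(s, t, strict=False))
```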

In addition we have to replace the set BigHead(s) by NoSmallHead(s), which 
may include variables, in one of its uses. 

Definition 4. Let $s$ be of the form $f(s_1, \ldots, s_n)$ with
$f \in \mathcal{F}_{AC}$. The set of arguments of $s$ headed by a symbol not
smaller than $f$, denoted by $\mathit{NoSmallHead}(s)$, is defined as
$\{ s_i \mid 1 \le i \le n \wedge f \not\succ_{\mathcal{F}} \mathit{top}(s_i) \}$



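Definition 5. Let $s$ and $t$ be terms in $\mathcal{T}(\mathcal{F},\mathcal{X})$.
Then $s = f(s_1, \ldots, s_n) \succ_v g(t_1, \ldots, t_m) = t$ if and only if

1. $s_i \succeq_v t$ for some $i \in \{1 \ldots n\}$, or

2. $f \succ_{\mathcal{F}} g$ and $s \succ_v t_i$ for all $i \in \{1 \ldots n\}$, or

3. $f = g \notin \mathcal{F}_{AC}$ and
$(s_1, \ldots, s_n) \succ_v^{lex} (t_1, \ldots, t_m)$ and
$s \succ_v t_i$ for all $i \in \{1 \ldots n\}$, or

4. $f = g \in \mathcal{F}_{AC}$ and there is some
$s' \in \mathit{EmbSmall}(s)$ s.t. $s' \succeq_v t$, or

5. $f = g \in \mathcal{F}_{AC}$ and $s \succ_v t'$ for all
$t' \in \mathit{EmbSmall}(t)$ and
$\mathit{NoSmallHead}(s) \succeq\!\!\succeq_v \mathit{NoSmallHead}(t)$ and either
(a) $\mathit{BigHead}(s) \succ\!\!\succ_v \mathit{BigHead}(t)$ or
(b) $\#(s) > \#(t)$ or
(c) $\#(s) \ge \#(t)$ and
$\{s_1, \ldots, s_n\} \succ\!\!\succ_v \{t_1, \ldots, t_m\}$.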

Note that the difference between $\mathit{NoSmallHead}(s)$ and
$\mathit{BigHead}(s)$ is that the latter does not include the variables. Then,
on the one hand, the condition
$\mathit{NoSmallHead}(s) \succeq\!\!\succeq_v \mathit{NoSmallHead}(t)$ ensures
that every variable in $t$ is taken care of by a variable in $s$ or by an
argument of $s$ headed by a big symbol. Then if, by instantiation, some variable
becomes a term headed by a big symbol, we know that some argument of the
(instantiation) of $s$ headed by a big symbol takes care of it. On the other,
the condition $\mathit{BigHead}(s) \succ\!\!\succ_v \mathit{BigHead}(t)$
prevents us from using variables that can become small terms by instantiation.
The combination of both conditions is crucial to prove stability under
substitutions.

Example 2. Let $h \succ_{\mathcal{F}} f \succ_{\mathcal{F}} g$ be the precedence. Then we have

1- f{h{x),x,x) by caseO 

2. $s = f(h(x),g(x)) \succ_v f(g(h(x)),x) = t$ by case 5a since we have
$s \succ_v f(h(x),x) \in \mathit{EmbSmall}(t)$ by case 4 and
$\mathit{NoSmallHead}(s) = \{h(x)\} \succeq\!\!\succeq_v \{x\} = \mathit{NoSmallHead}(t)$
and $\mathit{BigHead}(s) = \{h(x)\} \succ\!\!\succ_v \emptyset = \mathit{BigHead}(t)$.

3. $s = f(g(h(x)),x,x,y) \succ_v f(g(f(h(x),y)),x) = t$ by case 5b since we have
$\#(s) = 2x + y + 1 > x + 1 = \#(t)$ and
$\mathit{NoSmallHead}(s) = \{x, x, y\} \succeq\!\!\succeq_v \{x\} = \mathit{NoSmallHead}(t)$
and $s \succ_v f(h(x),y,x) = t' \in \mathit{EmbSmall}(t)$ by applying first
case 4 and then $s' = f(h(x),x,x,y) \succ_v t'$ by case 5b since
$\mathit{NoSmallHead}(s') = \{h(x),x,x,y\} \succeq\!\!\succeq_v \{h(x),y,x\} = \mathit{NoSmallHead}(t')$,
$\mathit{EmbSmall}(t') = \emptyset$ and
$\#(s') = 2x + y + 1 > x + y + 1 = \#(t')$ (since $x$ is a positive integer).

4. $s = f(g(g(x)),x) \succ_v f(g(x),g(x)) = t$, by case 5c since
$s \succ_v f(g(x),x) \in \mathit{EmbSmall}(t)$ by case 4 (note that the
symmetric follows in the same way),
$\mathit{NoSmallHead}(s) = \{x\} \succeq\!\!\succeq_v \emptyset = \mathit{NoSmallHead}(t)$
and $\#(s) = x + 1 \ge 2 = \#(t)$ and
$\{g(g(x)),x\} \succ\!\!\succ_v \{g(x),g(x)\}$.

Lemma 2. Let $s$ and $t$ be ground terms. Then $s \succ t$ if and only if
$s \succ_v t$.

Proof. The result is trivial since both definitions coincide when applied to
ground terms. Note that if $s = f(s_1, \ldots, s_n)$ is ground then we have
$\#(s) = n$ and $\mathit{NoSmallHead}(s) = \mathit{BigHead}(s)$. $\Box$

The following theorem follows from lemmaH and theorem ^ 

Theorem 2. $\succ_v$ is an AC-compatible simplification ordering on
$\mathcal{T}(\mathcal{F},\mathcal{X})$ that is AC-total on ground terms.



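Example 3. Rings. With $+, * \in \mathcal{F}_{AC}$ and
$* \succ_{\mathcal{F}} I \succ_{\mathcal{F}} +$ the ordering orients (and hence
proves termination of) the following TRS:

$$\begin{array}{rcl}
x + 0 & \to & x \\
x + I(x) & \to & 0 \\
I(0) & \to & 0 \\
I(I(x)) & \to & x \\
I(x + y) & \to & I(x) + I(y) \\
x * (y + z) & \to & (x * y) + (x * z) \\
x * 0 & \to & 0 \\
x * I(y) & \to & I(x * y)
\end{array}$$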

Example 4. With $+, * \in \mathcal{F}_{AC}$ and
$* \succ_{\mathcal{F}} + \succ_{\mathcal{F}} s \succ_{\mathcal{F}} 0$, the
ordering orients (and hence proves termination of) the following TRS:

$$\begin{array}{rcl}
x + 0 & \to & x \\
x + s(y) & \to & s(x + y) \\
x * 0 & \to & 0 \\
x * s(y) & \to & x * y + x \\
x * (y + z) & \to & (x * y) + (x * z)
\end{array}$$



5 Partial Precedences 



First, in order to deal with partial precedences, we now weaken the multiset
extension of the ordering when applied to the sets $\mathit{NoSmallHead}(s)$ and
$\mathit{NoSmallHead}(t)$, since otherwise we cannot ensure incrementality.

Definition 6. Let >- he an ordering on terms and let he a (partial) prece- 
dence. The multiset extension of >- wrt. an AC-symhol f in the precedence 
denoted hy >^f, is defined as the smallest transitive relation containing 



i X =AC Y and s >- ti and 
iftop{s) f then top{s) hr topfti) 
for all i £ {1 . . . n} 

Now we adapt the set $\mathit{EmbSmall}(s)$ to allow embeddings through symbols
not bigger than the head.

Definition 7. Let $s$ be a term of the form $f(s_1, \ldots, s_n)$ with
$f \in \mathcal{F}_{AC}$. The set of terms embedded in $s$ through an argument
headed by a non-big symbol, denoted by $\mathit{EmbNoBig}(s)$, is defined as

$$\{ f(s_1, \ldots, \mathit{tf}_f(v_j), \ldots, s_n) \mid s_i = h(v_1, \ldots, v_r) \wedge h \not\succ_{\mathcal{F}} f \wedge j \in \{1 \ldots r\} \}$$



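Definition 8. Let $s$ and $t$ be terms in $\mathcal{T}(\mathcal{F},\mathcal{X})$.
Then $s = f(s_1, \ldots, s_n) \succ_p g(t_1, \ldots, t_m) = t$ if and only if

1. $s_i \succeq_p t$ for some $i \in \{1 \ldots n\}$, or

2. $f \succ_{\mathcal{F}} g$ and $s \succ_p t_i$ for all $i \in \{1 \ldots n\}$, or

3. $f = g \notin \mathcal{F}_{AC}$ and
$(s_1, \ldots, s_n) (\succ_p)^{lex} (t_1, \ldots, t_m)$ and
$s \succ_p t_i$ for all $i \in \{1 \ldots n\}$, or

4. $f = g \in \mathcal{F}_{AC}$ and there is some
$s' \in \mathit{EmbNoBig}(s)$ s.t. $s' \succeq_p t$, or

5. $f = g \in \mathcal{F}_{AC}$ and $s \succ_p t'$ for all
$t' \in \mathit{EmbNoBig}(t)$ and
$\mathit{NoSmallHead}(s) \succeq\!\!\succeq_p^f \mathit{NoSmallHead}(t)$ and either

(a) $\mathit{BigHead}(s) \succ\!\!\succ_p \mathit{BigHead}(t)$ or

(b) $\#(s) > \#(t)$ or

(c) $\#(s) \ge \#(t)$ and
$\{s_1, \ldots, s_n\} \succ\!\!\succ_p \{t_1, \ldots, t_m\}$.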

The reason to ask for
$\mathit{NoSmallHead}(s) \succeq\!\!\succeq_p^f \mathit{NoSmallHead}(t)$, instead
of using simply $\succeq\!\!\succeq_p$, is that if, by extending the precedence,
an argument $t'$ of $t$ headed by a symbol incomparable with $f$ becomes a term
headed by a big symbol then the argument in $s$ that takes care of $t'$ becomes
a term headed by a big symbol as well; and if, by extending the precedence, an
argument $s'$ of $s$ headed by a symbol incomparable with $f$ becomes a term
headed by a small symbol, then all arguments in $t$ taken care of by $s'$ become
terms headed by a small symbol as well.

Lemma 3. Let $s$ and $t$ be terms. If the precedence is total then
$s \succ_v t$ if and only if $s \succ_p t$.

Proof. The result is trivial since both definitions coincide when applied with a
total precedence. Note that if the precedence is total then we have
$\mathit{EmbNoBig}(s) = \mathit{EmbSmall}(s)$ and that for all
$s' \in \mathit{NoSmallHead}(f(s_1, \ldots, s_n))$ either
$\mathit{top}(s') \succ_{\mathcal{F}} f$ or $s'$ is a variable, which implies
that $\succeq\!\!\succeq_p^f$ and $\succeq\!\!\succeq_p$ coincide. $\Box$



Corollary 1. Let $s$ and $t$ be ground terms. If the precedence is total then
$s \succ t$ if and only if $s \succ_p t$.

The proof of the following theorem is given in the next section. 

Theorem 3. $\succ_p$ is an AC-compatible simplification ordering on
$\mathcal{T}(\mathcal{F},\mathcal{X})$, AC-total on ground terms and incremental
wrt. the precedence.

Example 5. Let / be an AC-symbol. 

1. Wit h an y precedence we have s = f{g{g{x)),x) >-p f{g{^,g{x)) = t hy 

case^J since s >-pt' = f{g{x),x) € EmbNoBig{t), by casefl and 
NoSmallHead(s) = lofofa;)), g(a;)| = NoSmallHead(t), and 

#(s) = l-yx>2 = #(t) and {g{g{x)),x}^{g{x), g{x)}. 

2. Wit h pr ecedence g >-j: h we have s = f{x,x,g{x)) f( x, h(x)) = t hy 
case^J since s>pt' = f{x, x) G EmbNoBig{t), by case^J and 
NoSmallHead{s)= {x, x, g{x)}'^pf{x, h{x)} = NoSmallHead(t), and#(s) = 
2a; -I- 1 > a; -I- 1 = #(t) (note that a; is a positive integer). 



Example 6. Milners’s nondeterministic maehines. With -|- G Tac and T -|- 
and L the ordering orients (and hence proves termination of) the following 

TRS. Note that the decision about the precedence relation between T and -|- is 
not needed until the last rule. 



0 -I- a; 



X 



X X 

L{T{x)) 
L{T{y) + x) 
T{T{x)) 

T{x) X 
t\x + y) +x 
T{T{y) + x) 



L{x) 

L{x -hy)-h L{y) 
T{x) 

T{x) 

T{x-\-y) 

T{x + y) + T{y) 
6 The Properties of the Ordering



Here we include the properties of the ordering $\succ_p$. Most proofs (not in
full detail) are provided for the parts that are different from the ones for
normal RPO. All proofs are quite simple, except the one for stability under
substitutions, which involves some technical problems caused by the arguments of
$t$ that are variables instantiated by terms headed by a non-big symbol. Detailed
proofs can be found in



Property 1. If $s =_{AC} t$ then
$\mathit{NoSmallHead}(s) =_{AC} \mathit{NoSmallHead}(t)$,
$\mathit{BigHead}(s) =_{AC} \mathit{BigHead}(t)$ and $\#(s) = \#(t)$.



Lemma 4. $\succ_p$ is AC-compatible.

Proof. Since after flattening AC-equal terms are equal up to permutation of
arguments of AC-symbols, we have to prove the compatibility of $\succ_p$ wrt.
this permutative equality, which we also call $=_{AC}$. Then
$s' =_{AC} s \succ_p t =_{AC} t'$ implies $s' \succ_p t'$. We proceed by
induction on $|s| + |t|$ and case analysis on the proof of $s \succ_p t$. Here
we only include the case in which
$s = f(s_1, \ldots, s_n) \succ_p f(t_1, \ldots, t_m) = t$ by case 5.

Then $f \in \mathcal{F}_{AC}$ and $s \succ_p u$ for all
$u \in \mathit{EmbNoBig}(t)$ and
$\mathit{NoSmallHead}(s) \succeq\!\!\succeq_p^f \mathit{NoSmallHead}(t)$. Since
$\mathit{EmbNoBig}(t) =_{AC} \mathit{EmbNoBig}(t')$,
$\mathit{NoSmallHead}(s) =_{AC} \mathit{NoSmallHead}(s')$ and
$\mathit{NoSmallHead}(t) =_{AC} \mathit{NoSmallHead}(t')$, by induction
hypothesis we have $s' \succ_p u'$ for all $u' \in \mathit{EmbNoBig}(t')$ and
$\mathit{NoSmallHead}(s') \succeq\!\!\succeq_p^f \mathit{NoSmallHead}(t')$.

Finally, if $s \succ_p t$ by case 5a then, since
$\mathit{BigHead}(s') =_{AC} \mathit{BigHead}(s) \succ\!\!\succ_p \mathit{BigHead}(t) =_{AC} \mathit{BigHead}(t')$,
by induction hypothesis we have
$\mathit{BigHead}(s') \succ\!\!\succ_p \mathit{BigHead}(t')$, and hence
$s' \succ_p t'$ by case 5a. If $s \succ_p t$ by case 5b then, since
$\#(s') = \#(s) > \#(t) = \#(t')$, we have $s' \succ_p t'$ by case 5b.
Otherwise, $s \succ_p t$ by case 5c and $\#(s') = \#(s) \ge \#(t) = \#(t')$ and
$\{s'_1, \ldots, s'_n\} =_{AC} \{s_1, \ldots, s_n\} \succ\!\!\succ_p \{t_1, \ldots, t_m\} =_{AC} \{t'_1, \ldots, t'_m\}$,
which implies by induction hypothesis that
$\{s'_1, \ldots, s'_n\} \succ\!\!\succ_p \{t'_1, \ldots, t'_m\}$, and hence
$s' \succ_p t'$ by case 5c. $\Box$

Lemma 5. Let $f$ be an AC-symbol. If $n > m$ and
$1 \le i_1 < \ldots < i_m \le n$ then
$f(s_1, \ldots, s_n) \succ_p f(s_{i_1}, \ldots, s_{i_m})$.

Lemma 6. Let $f$ be an AC-symbol. If $n > m$ and
$1 \le i_1 < \ldots < i_m \le n$ then $s \succeq_p f(t_1, \ldots, t_n)$ implies
$s \succ_p f(t_{i_1}, \ldots, t_{i_m})$.

Lemma 7. If $s \succeq_p t$ then $s \succ_p t_i$, for all $t_i$ argument of $t$.

Proof. By induction on the |s| -I- |t|. Let s be /(si, . . . , s„) and t be g{ti , . . . , tm). 
If s =AC t then for every ti there is some sj s.t. Sj =ac ti and therefore by casej 
we have s >-p ti. Otherwise s )^p t and we distinguish several cases according to 
the definition. We again only consider the case in which s )^p t by caseH Then 
there are three cases: 



Available in http://www-lsi.upc.es/~albert/papers/aclong.ps.gz
1. li f >-yr top{U) and ti is a constant, it holds trivially, by casefl 

2. If / yyr top{ti) and ti = h{vi, . . .,Vr) with r > 0, then for all j G {1 . . . r} 
there is some t' G EmbNoBig{t) s.t. t' = f{ti, . . tm) and s >-p t' . 
Now, for all Vj either top{vj) yf / and tfj:{vj) = Vj and hence by induction 
hypothesis s >p Vj, or top{vj) = /, and then by lemma B we have s >-p 
f{tff{vj)) = Vj. Therefore, since / h, by case^ we have s '^p ti. 

3. If / top{ti) then, since NoSmallHead{s)'^pfNoSmallHead{t) there is 
some Sj (with / top{sj)), s.t. Sj ^ ti and hence s )^p ti by case^ ^ 

Corollary 2. $\succ_p$ fulfils the subterm property.

Property 2. Let $s$ and $t$ be terms. Then
$\mathit{NoSmallHead}(s) \succeq\!\!\succeq_p^f \mathit{NoSmallHead}(t)$
implies $\mathit{BigHead}(s) \succeq\!\!\succeq_p \mathit{BigHead}(t)$.

Lemma 8. $\succ_p$ is transitive.

Proof. We prove s >pt and t>pU implies s >p uhy induction on |s| + |t| + |u| 
and case analysis on the definition. Let s be /i(si, . . . , s„), t be / 2 (ti, . • . , tm) 
and u be fsiui, . . . , Up). We just consider here some of the cases. 

— If s )^p t by case Hand t )^p u hy case H or H then there is some s' G 
EmbNoBig(s) s.t. s' ^p t, and by induction hypothesis and AC-compatibility 
s' >-p u, which implies s "^p uhy casej 

— If s )^p t by case Q and t )^p u hy case H then then there is some t' G 
EmbNoBigit) s.t. t' >p u, and since s )^p t' for all t' G EmbNoBigft), by 
induction hypothesis and AC-compatibility we have s >-p u. 

— If s )^p t by case | and t )^p u hy case | then fi = f 2 = f^ = f and 
by induction hypothesis and AC-compatibility we have s )^p u' for all u' G 
EmbNoBig(u) and NoSmallHead(s)>^pf NoSmallHead (u) . 

Now if either s >p t or t >-p u by case then, by property H induction 
hypothesis and AC-compatibility we have s )^p u by case^J Otherwise, if 
either s^pt or t^pU hy case^H^en we have s ^p uhy case^J Oth- 
erwise, s >p t and t )^p uhy case^J and then {si, . . . , s„})^p{ti, . . . , tm} 
and {ti, . . . , tm}'^p{ui , . . . , Up}, implies, by induction hypothesis and AC- 
compatibility {si, . . . , s„})^p{ui, . . . , Up}, and hence s ^p uhy case^J □ 



Lemma 9. $\succ_p$ is irreflexive.

Lemma 10. $\succ_p$ is monotonic.

Proof. If s )^p t then /(. . . s . . .) )^p /(. . . t . . .) for every flattened context 
/(...[].. .), by induction on |/(. . .s. . .)| -I- |/(. . .t. . .)|. Note that if the context 
is not flattened, we can flatten it and then apply the result. 

We only consider the case in which / is in J- ac- Then cs = /(. . . s . . .) = 
/(. . . . . .) and ct = f{...t...) = /(. . . tfjft ) . . .). By induction hypothesis, 

it is easy to show that cs >p t' for every t' G EmbNoBig(ct) obtained from some 
Ui = h{v\, . . Vr) with h f in the context. Now, let s = gi(si, . . . , s„) and 
t = 92{ti, ■ ■ ■ , tm), there are several cases to be considered according to the proof 
of s )^p t and the head symbols of s and t. 

We analyze the case in which gi = f. Then tff{s) = si . . .s„. We consider 
three cases. 

1. s t by casej Then si t for some Si, and by induction hypothesis 
/(. . . tff{si) ■■■) h f{--- . . .). By lemmaHwe have /(. . . si . . . s„ . . .) ^ 

/(. . . Si . . .) and, since tff{si) = Si, by induction hypothesis /(. . . Si . . .) ^ 
/(. . . . . .), and therefore, by transitivity and AC-compatibility, we ob- 
tain /(. . . Si . . . s„ . . .) /(. . . . . .). 

2- <7i 92- Then / )^p g2 and = t. Since s )^p ti for all U, by in- 
duction hypothesis, we have /(. . . si . . . s„ . . .) >-p for all 

ti, and hence /(. . . s . . .) >p t' for all t' € EmbNoBig{f{. . . ,t , . . .)). Then 
NoSmallHead{f {. . . si . . . s„ . . .)) A NoSmallHead{f{. . .t . . .)) and, since n > 
2, #(/(. . . Si . . . s„ J) > #(/(. . . t . . .)), which implies /(. . . si . . . s„ . . .) ^p 

3. gi = g2 and s )^p t by case^or by case^ Then t^(t) = ti . . Am and it is 
easy to prove that /(. . . si . . . s„ . . .) )^p /(. . . ti . . . tm ■ ■ ■) holds by the same 
case as s )^p t. 

The other two cases are gi / and g\ f. The first one is solved again 
by case H if s '^p t hy case^ and by case if gi Ajr g^. The second one is 
always solved by case^Jconsidering the cases g2 f,92>~y^f and 52 = /• □ 

Property 3. Let $x$ be a variable and let $s$ and $t$ be terms.

If $\mathit{NoSmallHead}(s) \succeq\!\!\succeq_p^f \mathit{NoSmallHead}(t)$ and
$\mathit{BigHead}(s) \succ\!\!\succ_p \mathit{BigHead}(t)$ then
$\mathit{BigHead}(s) \cup X_s \succ\!\!\succ_p \mathit{BigHead}(t) \cup X_t$,
where $X_s$ and $X_t$ are respectively the multisets containing all $x$ in
$\mathit{NoSmallHead}(s)$ and $\mathit{NoSmallHead}(t)$.

Lemma 11. Let $f$ be in $\mathcal{F}_{AC}$. If
$f(s_1, \ldots, x, \ldots, s_n) \succ_p f(t_1, \ldots, x, \ldots, t_m)$
then $f(s_1, \ldots, s_n) \succ_p f(t_1, \ldots, t_m)$.

In fact if either $n$ or $m$ is equal to 1 then (due to the arity of $f$) we do
not include the $f$ on top for $f(s_1, \ldots, s_n)$ or $f(t_1, \ldots, t_m)$
and we just have $s_1$ or $t_1$.

The following lemma is used to prove stability under substitution, i.e.
$s \succ_p t$ implies $s\sigma \succ_p t\sigma$. The proof of this lemma becomes
rather technical due to the new embedded terms in $\mathit{EmbNoBig}(t\sigma)$
which come from an embedding through an instantiated variable. Due to this
problem we have to generalize the stability property in order to prove that if
$s \succ_p t$ then $s\sigma \succ_p t'$ for every $t'$ (equal to or) embedded in
$t\sigma$ through the instantiated variables. On the other hand, we have first
considered the simplest substitution $\sigma$.

Lemma 12. Let a be {x 1-^ 9{vi, ■ ■ -jJ/fc)} for some symbol q. Lf s >-p t then 
'sa )~p t' for all t' € M(t), where M{t) is defined as 

— iftop{t) = / ^ Eac or q Ayr f then M{t) = {ta}, and 
- if t = f{ti ■,tm) and f e J^ac and f then 

= {f{wi, ■ ■■Wm) I Wi e {q{yi , . . .,yfc), j/i, • ■ ifU = x, and 
Wi = tiG otherwise, and 1 < i < m} 

Proof. Note that ta G M{t), and therefore, this property implies sct >p ta. 

We prove that s >p t implies 'sa >p t' for every s, t and t' G M{t), by 
induction on the triple (|s|, |t|, |t'|) ordered lexicographically and case analysis 
on the proof of s >p t. We only consider the case in which s t by caseH 
First it is proved that for all w' G EmbNoBig{t') we have s >p w' . If the 
embedding is made through an instantiated variable then since w' G M(t), it 
holds by induction hypothesis. Otherwise, there is some t” G EmbNoBigft) s.t. 
w' G M{t”), and since s )^p t" , by induction hypothesis, we have s >-p w'. 

Now, using what we have proved above, we can prove that W >-p f . There are 
three cases depending on the occurrences of the variable x as argument in s and 
t. If some Si = X and some tj = x then we can solve it using lemma^Jand induc- 
tion hypothesis, and then monotonicity and either subterm, ii q ^ f, or deletion 
property, otherwise. If all ti ^ x then by induction hypothesis, it is quite easy to 
see that 'sa >p t' holds by the same case as s >p t. If all si^ x for alH G {1 . . . n} 
then we use the fact that in this case NoSmallHead{s)'^pfNoSmallHead(t) im- 
plies BigHead{s))^ pBigHead{t) , since some term should take care of the x’s in t. 
Finally, by in duct ion hypothesis, and using propertyHwe can show that 'sa t' 
holds by case^J □ 



Lemma 13. $\succ_p$ is stable under substitution.

Proof. The proof of $s \succ_p t$ implies $s\sigma \succ_p t\sigma$ for every
substitution $\sigma$, is done by induction on the $|\sigma|$ defined as the
multiset $\{ |w| \mid (x \mapsto w) \in \sigma \}$ and compared by the multiset
extension of $>$, and using lemma 12. $\Box$

Lemma 14. $\succ_p$ is incremental.

Proof. We prove that if s >-p t with the precedence then s >-p t with the 
precedence yyr Li{f >- g'} where f and g' are symbols in E not related by yyr. 
We proceed by induction on |s| -I- |t| and case analysis on the proof of s !^p t 
with the precedence 

We only consider the case in which s = /(si , . . . , s„) '?-p f{ti , . . . , tm) = thy 
caseH Then we have s >-p t' for all t' G EmbNoBig{t) and NoSmallHead{s)^pf 
NoSmallHeadft). First, since EmbNoBigft) wrt. is included in EmbNoBigft) 
wrt. U{/' g'}, by induction hypothesis s >p t' for all t' G EmbNoBig{t) 

wrt. U{f g'}. Second, by definition of ^p/ all terms s' in NoSmallHead{s) 

s.t. top(s') f only takes care of terms t' in NoSmallHead{t) s.t. top{s') 
topft'), then if s' is not in NoSmallHead{s) wrt. yjr U{/' g'} then none of the 

t' is in NoSmallHead{t) wrt. U{/' g'}. Therefore, by induction hypothesis, 

NoSmallHead{s)'^pfNoSmallHead{t) wrt. U{/' g'}. 

Now if we have applied case^Bf holds trivially and if we ha ve ap plied case^J 
then it holds by by induction hypothesis. If we have applied case^Jthen we have 
BigHead(s))¥~pBigHead(t) wrt. >-jr. Since NoSmallHeadl s)'^pfNoSmallHead(t). 
wrt. by definition of ^p/, for every term t' in NoSmallHead(t) wrt. >-j^ s.t. 
t' ^ BigHead{t) wrt. yjr and t' S BigHead{t) wrt. U{f >- g'} there is some 
s' in NoSmallHead{s) wrt. s.t. s' G BigHead(s) wrt. U{/' g'} that 

takes care of t' (note that for every t' in NoSmallHead{t) wrt. there is some 
s' which takes c are o f it and either top{s') f or top{s') top{t')). Therefore 
it holds by case^J since BigHead{s))^pBigHead{t) wrt. U{/' g'}. □ 



7 Conclusions 



We have presented the first fully syntactic AC-compatible recursive path
ordering (RPO). The ordering is AC-total on ground terms, and defined uniformly
for both ground and non-ground terms, as well as for partial precedences, being
the first incremental one (note that due to this, we can allow as well signature
extensions without any restriction).



Our ordering does not coincide (even for ground terms and total precedences)
with any of the ones given in and (with fcount abstraction). With the precedence
$h \succ_{\mathcal{F}} f \succ_{\mathcal{F}} g \succ_{\mathcal{F}} a$, and
$f \in \mathcal{F}_{AC}$ the terms $f(h(a),g(a))$ and $f(g(h(a)),a)$ are
compared in a different way (only in our case the first one is greater than the
second one). The reason is that in our approach the arguments headed by big
symbols are more important than in the others. However, it could be the case
that by taking another abstraction function for the orderings coincide. On the
other hand we have also found another syntactic definition in which the number
of arguments of an AC-symbol is more important than its arguments headed by big
symbols, which we believe to coincide with the orderings in and (with fcount
abstraction). A weakness of this new definition is that it is only monotonic for
ground terms, although, in fact, this is not a problem for practical
applications.



As simple improvements to the presented ordering, we can allow the user to
use multiset status for non-AC symbols as well as defining equivalences between
the non-AC symbols in the precedence.



Regarding efficiency of implementation, it is easy to show that some of the
recursive comparisons in case 5 can be avoided. Being more precise, when
comparing terms $s$ and $t$, some of the recursive comparisons $s \succ_p t'$ for
every $t' \in \mathit{EmbNoBig}(t)$ are not necessary since they follow from
other ones, by monotonicity and transitivity. Currently, we are looking for
properties, in the ground case and total precedences, which, by comparing the
arguments of $t$, allow us to choose a single term $u$ in $\mathit{EmbNoBig}(t)$
such that $s \succ u$ ensures $s \succ t'$ for every
$t' \in \mathit{EmbSmall}(t)$. Then, by extending these properties to the general
case, we would further reduce the amount of recursive comparisons to be
performed.



As a future development, due to its simplicity and, mainly, the fact that
it is not interpretation-based, it opens the door to finding practically feasible
ordering constraint solvers for the AC-case

Abstract. We introduce the notion of a theory path ordering (TPO),
which simplifies the construction of term orderings for superposition
theorem proving in algebraic theories. To achieve refutational completeness
of such calculi we need total, E-compatible and E-antisymmetric
simplification quasi-orderings. The construction of a TPO takes as its
ingredients a status function for interpreted function symbols and a precedence
that makes the interpreted function symbols minimal. The properties of
the ordering then follow from related properties of the status function.
Theory path orderings generalize associative path orderings.



1 Introduction 

Refutationally complete superposition calculi for algebraic theories require
simplification orderings which are total on ground terms, and which obey
additional restrictions imposed by the algebraic theories. In particular,
theorem proving modulo some equational theory E requires that the term ordering
is E-compatible. The most important theory in practice is AC (Bachmair and
Plaisted 1985, Delor and Puel 1993, Rubio and Nieuwenhuis 1995, Kapur and
Sivakumar 1997, Baader 1997). Additionally, presenting the theory by a term
rewriting system modulo E (Bachmair, Ganzinger and Stuber 1995, Marché
1996, Stuber 1998a, Stuber 1998b) requires that the ordering orients the rules
in this system in the right direction. The same applies to rules in
symmetrizations which arise from the interaction of nontheory and theory
equations. In some cases, for instance for modules and algebras over a fixed
ring, these requirements cannot be met by combining orderings known from the
literature and necessitate the construction of new orderings (Stuber 1998a).

We present a general construction of such an ordering. We distinguish
between free and interpreted function symbols, where interpreted function symbols
have a special meaning in the given theory. In particular, the function symbols in
the set of equations E are contained in the interpreted function symbols. For free
function symbols the ordering is defined analogously to the lexicographic path
ordering. That is, we assume as given a precedence on free function symbols,
and use lexicographic status to compare terms with the same free root symbol.

* Part of this work has been supported by Deutsche Forschungsgemeinschaft under 
grant GA-261/7-1. 
Contexts consisting of interpreted function symbols will be handled as a whole
by a status function, which is the main ingredient of our ordering. Such a status
function can be presented as a function that extends an ordering on constants to
an ordering on terms over constants and interpreted function symbols. Finally,
the interaction between free and interpreted function symbols is handled by
extending the precedence to a quasi-precedence where the interpreted function
symbols form the minimal equivalence class.

The main problem in the construction of E-compatible reduction orderings
is to obtain compatibility with contexts (monotonicity). Considering contexts of
depth greater than one in a single application of the status function essentially
amounts to flattening the context. To obtain compatibility with contexts we let
free function symbols have a greater influence on the ordering than interpreted
function symbols. Formally this is reflected by interpreted function symbols being
minimal in the precedence, and by requiring the status to have certain multiset
properties, which ensure that the status function is compatible with the path
ordering also within a context of interpreted function symbols.

Our construction can be viewed as a generalization of the associative path
ordering (Bachmair and Plaisted 1985). In view of this we call our ordering
theory path ordering (TPO). On the other hand our construction is related to the
general path ordering (Dershowitz and Hoot 1995, Geser 1996). We use Geser's
approach to prove that the ordering has all the properties of a simplification
quasi-ordering except compatibility with contexts. There are also some overlaps
of the properties we require of an extension function with those required by
Baader (1997). He combines an $E_1$- and an $E_2$-compatible reduction ordering
into an $E_1 \cup E_2$-compatible one. However, his combination ordering compares
terms first by the maximal number of alternations between $E_1$ and $E_2$. This
makes it unsuitable for our purposes, since we need that free function symbols
dominate the ordering.

We use quasi-orderings throughout our presentation, since these integrate an
ordering and an equivalence relation in a natural way. We split the notion of
a quasi-ordering being total up to E into being E-antisymmetric and total.
E-antisymmetry has the advantage that it is also meaningful for partial
orderings, which is useful in the nonground case. However, here we consider only
the ground case.

In Sectionjwe state some preliminaries, in particular about quasi-orderings. 
SectionH presents our adaption of the general path ordering of Geser (1996). In 
Sectionjwe define the TPO and the notion of a TPO-status, and we show that 
the TPO has the desired properties. In Sectionflwe show that a TPO-status can 
be given in a natural way as a function that extends an ordering on constants to 
an ordering on terms. In Section H^e give examples of theory path orderings. 

2 Preliminaries 

We assume the reader is familiar with term rewriting and the properties of
orderings arising in that context (Dershowitz and Jouannaud 1990, Baader and
Nipkow 1998). Following the latter we call a binary relation $R$ on terms
compatible with contexts if $s \mathrel{R} t$ implies $u[s] \mathrel{R} u[t]$ for
any context $u$. A binary relation $R$ is compatible with an equivalence relation
$\sim$ if $x \sim x' \mathrel{R} y' \sim y$ implies $x \mathrel{R} y$.
An equation is called collapse-free if neither side is a variable. A set of
equations is called collapse-free if all its equations are collapse-free. We write

$$\mathit{args}_{AC(f)}(t) = \begin{cases}
\mathit{args}_{AC(f)}(t_1) \cup \mathit{args}_{AC(f)}(t_2) & \text{for } t = f(t_1, t_2), \\
\{t\} & \text{otherwise,}
\end{cases}$$

which is the multiset of arguments of $f$ after flattening.

A quasi-ordering is a binary relation that is reflexive and transitive. Each
quasi-ordering $\succsim$ can be split into its strict part
$(\succ) = (\succsim) \setminus (\precsim)$ and its equivalence kernel
$(\sim) = (\succsim) \cap (\precsim) = (\succsim) \setminus (\succ)$. In the
context of some quasi-ordering $\succsim$ we always use $\succ$ for its strict
part and $\sim$ for its equivalence kernel. On the other hand, if $\sim$ is an
equivalence relation and $\succ$ is a strict partial ordering that is compatible
with $\sim$ then $(\succsim) = (\sim) \cup (\succ)$ is a quasi-ordering. A
quasi-ordering $\succsim$ is total on a set $S$ if $x \succsim y$ or
$y \succsim x$ for any two elements of $S$. It is well-founded if $\succ$ is
well-founded. We say a quasi-ordering $\succsim$ on terms is E-compatible if
$\succsim$ is compatible with $=_E$. It is E-antisymmetric if $s \sim t$ implies
$s =_E t$ for all terms $s$ and $t$. A quasi-ordering may also be viewed as a
partial ordering on $\sim$-equivalence classes. Via this construction the
multiset extension of partial orderings induces the multiset extension of a
quasi-ordering Similarly,

quasi-orderings can be combined lexicographically. The lexicographic extension 
of ^ to tuples of fixed length is denoted by Multiset extension and the 

lexicographic combination preserve well-foundedness and totality. For a given 
quasi-ordering ^ we will also use subscripts to denote their multiset or lexico- 
graphic extension, e.g., Note that in this case >~mui denotes that 

is, the strict part of the multiset extension of the (non-strict) quasi-ordering. The 
subterm ordering $\rhd$ is defined by $s \rhd t$ if and only if $t$ is a proper subterm of $s$.
Since $\rhd$ is well-founded, its multiset extension $\rhd_{mul}$ is also well-founded.

In general we will use $\succsim$ both to denote quasi-orderings and quasi-ordering
functionals, because then $\succ$ and $\sim$ allow easy access to the strict part and
equivalence kernel of the result of the functional applied to some quasi-ordering.
We will use superscripts on quasi-ordering functionals to distinguish them from 
quasi-orderings, where we use no superscripts. 

We say that a quasi-ordering $\succsim$ is strictly compatible with contexts if both
$\succsim$ and $\succ$ are compatible with contexts. A reduction quasi-ordering is a
quasi-ordering on terms that is well-founded, strictly compatible with contexts
and strictly closed under substitutions. If in addition it has the subterm
property, it is called a simplification quasi-ordering. The strict part of a
simplification quasi-ordering is a simplification ordering. If $R \subseteq (\succ)$ and
$E \subseteq (\sim)$ for a term rewriting system $R$ modulo $E$ and a reduction
quasi-ordering $\succsim$ then $R$ is terminating modulo $E$.

3 General Path Orderings

We use the general path ordering (GPO) of Geser (1996) as a starting point
for constructing quasi-orderings modulo $E$ on ground terms. However, Geser's
method of proving compatibility with contexts from a status being "prepared for
contexts" cannot cope with flattening, hence it is not applicable in this setting.
Consequently, we weaken the notion of a status to that of a prestatus, which
need not be prepared for contexts. By inspection of Geser's proofs one sees
that his proofs use only the properties of a prestatus, with the exception of the
proofs of reflexivity and of compatibility with contexts. Fortunately reflexivity
can easily be proved from the properties of a prestatus alone. Compatibility with
contexts will be the main topic of Section 4. Beyond the work of Geser we show
that natural conditions on a prestatus imply that the induced GPO is total and
$E$-antisymmetric.

Given two terms $s$ and $t$ we let $\mathrm{fin}(s, t)$ be the set
$\{(s', t') \mid \{s, t\} \rhd_{mul} \{s', t'\}\}$.
That is, a pair $(s', t')$ is in $\mathrm{fin}(s, t)$ if either both terms are proper
subterms of $s$ or $t$, or if one term is equal to $s$ or $t$ and the other is a
proper subterm of the other. For instance,

$$\mathrm{fin}(f(a), g(b)) = \{(f(a), b), (b, f(a)), (a, g(b)), (g(b), a), (a, a), (a, b), (b, a), (b, b)\}.$$
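The set fin(s, t) is the part of the term universe that a subterm-founded functional is allowed to consult. As an added illustration (not code from the paper), the following Python computes fin(s, t) from the strict multiset extension of the proper-subterm ordering and reproduces the instance above; the tuple encoding of terms and all function names are assumptions of this example.

```python
from collections import Counter
from itertools import product

# Ground terms are nested tuples (symbol, arg_1, ..., arg_n); a constant is ("a",).
# This encoding is an assumption of the example, not notation from the paper.


def subterms(t):
    """Yield every subterm of t, including t itself."""
    yield t
    for arg in t[1:]:
        yield from subterms(arg)


def proper_subterm(s, t):
    """The subterm ordering: True iff t is a proper subterm of s."""
    return any(t == u for arg in s[1:] for u in subterms(arg))


def multiset_greater(m, n, greater):
    """Strict multiset extension of the strict partial ordering `greater`.

    M is greater than N iff M != N and every element of N - M is dominated
    by some element of M - N, where '-' is multiset difference.
    """
    m, n = Counter(m), Counter(n)
    if m == n:
        return False
    only_m, only_n = m - n, n - m
    return all(any(greater(x, y) for x in only_m) for y in only_n)


def fin(s, t):
    """All pairs (s', t') with {s, t} above {s', t'} in the multiset
    extension of the subterm ordering.

    Only subterms of s and t can occur in such a pair, so it suffices to
    enumerate those.
    """
    candidates = set(subterms(s)) | set(subterms(t))
    return {
        (s1, t1)
        for s1, t1 in product(candidates, repeat=2)
        if multiset_greater([s, t], [s1, t1], proper_subterm)
    }


def show(t):
    """Render a term in the usual f(a, b) notation."""
    if len(t) == 1:
        return t[0]
    return f"{t[0]}({', '.join(show(arg) for arg in t[1:])})"


if __name__ == "__main__":
    a, b = ("a",), ("b",)
    s, t = ("f", a), ("g", b)  # the terms f(a) and g(b) from the text
    for left, right in sorted(fin(s, t), key=lambda p: (show(p[0]), show(p[1]))):
        print(f"({show(left)}, {show(right)})")
```

Because every pair in fin(s, t) is strictly below {s, t} in a well-founded ordering, a recursive definition that only descends into fin(s, t) always terminates.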

A quasi-ordering functional $\succsim^{st}$ is a function which maps any quasi-ordering
$\succsim$ on ground terms to a quasi-ordering $\succsim^{st}(\succsim)$ on ground terms. A
quasi-ordering functional $\succsim^{st}$ is subterm founded on a set of pairs of terms
$S$ if $s \succsim^{st}(\succsim)\; t$ is equivalent to $s \succsim^{st}(\succsim \cap\, \mathrm{fin}(s, t))\; t$ for any
quasi-ordering $\succsim$ and any pair $(s, t)$ in $S$. We say that $\succsim^{st}$ is subterm
founded if it is subterm founded on the set of all pairs of ground terms. Subterm
foundedness ensures that the GPO is well-defined and allows the use of induction
to prove its properties. A quasi-ordering functional $\succsim^{st}$ decreases infinite
derivations if for every infinite derivation

$$s_1 \succ^{st}(\succsim)\; s_2 \succ^{st}(\succsim) \cdots$$

there exists an infinite derivation $t_1 \succ t_2 \succ \cdots$ such that $s_i \rhd t_1$ for
some $i \geq 1$. This property ensures well-foundedness of the resulting GPO. A
quasi-ordering functional $\succsim^{st}$ is called a prestatus if (i) $\succsim^{st}$ is subterm
founded, and (ii) $\succsim^{st}$ decreases infinite derivations. The general path ordering
$\succsim_{gpo} = \succsim_{gpo}(\succsim^{st})$ induced by a prestatus $\succsim^{st}$ is the smallest
quasi-ordering such that
$s = f(s_1, \dots, s_m) \succsim_{gpo} g(t_1, \dots, t_n) = t$ if

1. $s_i \succsim_{gpo} t$ for some $i = 1, \dots, m$, or

2. $s \succ_{gpo} t_j$ for each $j = 1, \dots, n$ and $s \succsim^{st}(\succsim_{gpo})\; t$.

As an example consider a language consisting of a binary function symbol $f$ and
a constant $a$, and define $\succsim^{st}$ by $s \succsim^{st}(\succsim)\; t$ if and only if either

1. $s = a$, or

2. $s = f(s_1, s_2)$, $t = f(t_1, t_2)$ and $\mathrm{args}_{AC(f)}(s) \succsim_{mul} \mathrm{args}_{AC(f)}(t)$.

Then $\succsim^{st}$ preserves reflexivity and transitivity, since the multiset extension does.
It is subterm founded, since it invokes its argument ordering only on multisets
of its subterms, and it decreases infinite derivations, since the multiset extension
does. By inspecting the definitions one sees that $\succsim_{gpo}(\succsim^{st})$ is the recursive
path ordering with respect to the precedence $a \succ_p f$ and with multiset status for $f$.

Lemma 1 (Geser 1996) Let $\succsim^{st}$ be a prestatus.

1. If $s \succsim_{gpo} t$ and $t \rhd t'$ then $s \succ_{gpo} t'$.

2. If $s \rhd s'$ and $s' \succsim_{gpo} t$ then $s \succ_{gpo} t$.

3. $\succsim_{gpo}$ is transitive and well-founded.

Geser (1996) proof of transitivity and the proofs of the lemmas below use the 
following scheme for proving that ^gpo has some property P, based on subterm 
foundedness and preservation of P by 

— Consider some instance P[ti, . . .,tn] of P. First prove P[ti, . . . ,tn] for the 
case where some atom ti ^ tj in P becomes true by case^of the definition 
of )Zgpo- Lemma^^Jifl can often be used in this case. It remains to consider 
only caseH where the prestatus is used. 

— Let fin be the union of all sets fai(ti, tj) where ti P tj is an atom in P. 

— Restrict ^gpo to fin, that is, consider ifZgpo) H fin. 

— Extend {)Zgpo) F fin to some that satisfies P, and that coincides with 
)Zgpo on fin. That is, {)Zgpo) H fin = (^p) n fin. 

— Then by subterm foundedness 

G if and only if U >z'‘\'f:gpo n fin) tj 

if and only if ti H fin) tj 

if and only if ti ^**(^p) tj. 

— Use that preserves P to conclude that P[ti, . . .,tn] holds for ^^‘(^gpo) 
and hence for ^gpo. 

Lemma 2 Let $\succsim^{st}$ be a prestatus. Then $\succsim_{gpo}$ is reflexive.

Lemma 3 Let $\succsim^{st}$ be a prestatus that preserves totality. Then $\succsim_{gpo}$ is total.

Our example prestatus preserves totality. Either one of the terms is $a$, or both
have $f$ at their root and we may use that the multiset extension preserves totality.

Lemma 4 Let $\succsim^{st}$ be a prestatus that preserves $E$-antisymmetry. Then $\succsim_{gpo}$ is
$E$-antisymmetric.

For our example let $E = AC(f) = AC$. We claim that $\succsim^{st}$ preserves
AC-antisymmetry. If $s \sim^{st}(\succsim)\; t$ then either $s = t = a$ or
$\mathrm{args}_{AC(f)}(s) = \{s_1, \dots, s_k\} \sim_{mul} \{t_1, \dots, t_k\} = \mathrm{args}_{AC(f)}(t)$.
Then there exists a permutation $\pi$ of $\{1, \dots, k\}$ such that
$s_i \sim t_{\pi(i)}$ for $i = 1, \dots, k$, and $s_i =_{AC} t_{\pi(i)}$ by AC-antisymmetry of $\succsim$. By
combining the equational proofs for $s_i =_{AC} t_{\pi(i)}$ with a proof derived from the
permutation $\pi$ we can then obtain $s =_{AC} t$.

We say that a quasi-ordering functional is prepared for E- compatibility 
if sa ta for any ground instance sa « ta of an equation s « t in if and 

for any quasi-ordering 

Lemma 5 Let $E$ be a set of equations, let $\succsim^{st}$ be a prestatus that is prepared for
$E$-compatibility, and suppose that $\succsim_{gpo}$ is compatible with contexts. Then $\succsim_{gpo}$
is $E$-compatible.

Proof: By induction on (s, t) with respect to Let s = /(si, . . . , Sm) and 

t = g(ti, . . . , tn). We have to show s fZgpo t for any if-step s t. Symmetry 
of -^E and reflexivity and transitivity of then imply {=e) QZgpo)- 

(1) Suppose the if-step is not at the root of s and t. Then Si ^e ti for 

some i = 1, . . . ,n and Sj = tj for all j z in 1, . . . , n. By using the induction 

hypothesis we get Si fZgpo ti and s f^gpo t by compatibility with contexts. 

(2) It remains to consider an if-step at the root position. We can write s as 
s'cr and t as t'a where s' « t' or t' « s' is the equation in E that is used. Since 

is prepared for if-compatibility, s t follows. □ 

By construction our example prestatus is prepared for $E$-compatibility. We
conclude for the moment that our example GPO is a well-founded $E$-compatible
and $E$-antisymmetric quasi-ordering on terms that has the subterm property. It
remains to consider compatibility with contexts. 

4 Theory Path Orderings 

Theory path orderings generalize the idea underlying the APO that compatibility 
with contexts can be achieved for path orderings if interpreted function symbols 
are minimal in the precedence. It combines a lexicographic path ordering on 
nontheory function symbols with a special treatment of symbols in the theory, 
which is formalized by a status function. 

We let E denote the set of all function symbols, Ee the function symbols in E 
and Et the function symbols in the theory T. Since in general not all function 
symbols in Et need to be treated specially by the ordering, we select a set Ej 
of interpreted function symbols such that Ee Q Ej C Et- Function symbols not 
in Ej are called free. We let T be the set of terms over E with an interpreted 
function symbol at the root, and A the set of terms with a free function symbol 
at the root. Terms in A are called atomic. A precedence is a quasi-ordering 
on function symbols whose strict part is well-founded. A precedence is called 
TPO-admissihle for Ej if / ~p g for any pair of function symbols from Ej, 
f >~p g whenever f ^ Ej and g S Ej, and f = g whenever / ~p g for / and g not 
va Ej. a well-founded partial ordering > on E\Ej can be extended to a TPO- 
admissible quasi-ordering on E by letting f ^ g whenever either (i) / and g not 
in Ej and / ^ 5 , or (ii) g in Ej. li ^ is total this is the only TPO-admissible 
extension. E.g., for Ej = {-|-,0} and free function symbols {a,/} with a given 
precedence f )~p a the TPO-admissible extension is / )^p a )^p -I- ~p 0. 
We now come to the properties of a quasi-ordering functional which ensure
compatibility with contexts. A quasi-ordering functional is strictly internally 
prepared for contexts with respect to Fj if 

s t implies /(. . ,,s, . . .) f{...,t,...) and 

s t implies /(. . .,s, . . .) /(. . . . . .) 

for any / in Fj. We say that a quasi-ordering functional has the multiset 
properties for Fj if it satisfies 

sFt s t for s G A and t G A (MO) 

Si '^st t V . . . V Sm'^st t ^ f{si,...,Sm)>:stt fOT t G A (Ml) 

Sl'^stt V . . . V Sm'^stt f{si,...,Sm)f:stt (M2) 

S ^st tl A . . . A S ^st tn S f{ti ,...,tn) for s G A (M3) 

S ^st tl A . . . A S ^St tn s f{tl ,...,tn) (M4) 

for any / in Fj, where denotes ^**(^)- A quasi-ordering functional is 
called a TPO-status for Fj if it is subterm founded on decreases infinite 
derivations in X, is strictly internally prepared for contexts with respect to X/, 
and has the multiset properties for Fj. 

The theory path ordering '^tpo = fc**) induced by a TPO-admissible 

precedence and a TPO-status is defined as the smallest binary relation 
such that s = g{si, Sm) 'fZtpo h{ti, . . .,tn) =t ii 

1. Si '^tpo t for some z = 1, . . . , m, or 

2. s >tpo tj for each j = 1, . . . , n and either 

(a) g >-p h, 

(b) g ^p Fj and (si, . ..,Sm) {ti,...,tn), or 

(c) g -^phG Fj and s '^‘'^{'^tpo) t. 

We assume that each function symbol has a fixed arity, hence m = n in case^H 
To view ^tpo as a general path ordering we have to define a suitable quasi- 
ordering functional. We define '^tpo = fc^*) by 

S = g(si, ...,Sm) ^?po(fc) Hti, ...,tn) = t 



if and only if 

(a) g >p h, 

(b) g^ph^ Fj and (si,...,Sm) fc'“(fc) {ti,...,tn), or 

(c) g ^p h G Fj and s fc'**(^) t. 

Then clearly ^*^°(^p,^^*) = fc**)) for any precedence ^p and 

TPO-status 

For our running example we let Fj = {f} and a >-p f. To satisfy the multiset 
properties we have to modify such that it uses A on the (only) atomic term a. 
We let s ^'**(^) t if and only if argSAc(y)(s) argSAC(/)(^)- Note that a 
becomes a singleton multiset, hence (MO) is satisfied. The other properties of a
TPO-status are also easily verified. Moreover, the resulting is the prestatus 
of Section H 

To obtain if-compatibility in the context of a simplification ordering we re- 
quire E to be collapse- free. A collapsing equation t k, x would lead to a conflict 
with the subterm property, since x has to occur in t for any nontrivial theory. 

Lemma 6 Let E be a set of eollapse-free equations, let Ej D Ee, let be a 

precedence that is TP O- admissible for Ej, and let be a TPO-status. 

1. Then is a prestatus. 

2. If^p is total and if^^^* preserves totality onT^ then Pfeserves totality. 

preserves E- antisymmetry onT^ then fZtpo preserves E- antisymmetry. 
4- is prepared for E- compatibility then so is 'fZtpo- 

Proof: The proof is straightforward. We consider only the last item in order to 
show where collapse- freeness is needed. 

{Prepared for E- compatibility) Let s = scr ~ ter = t be a ground instance 
of an equation s « t in if , where s = g(si , . . . , Sm) and t = h{ti , . . . , t„). Since 
E is collapse- free, g and h are both in Ej. Then g ^p h and s t for 

any quasi-ordering since is prepared for if-compatibility. This implies 

S tfpoit) t- □ 

Next we show that due to the multiset properties a TPO-status and the resulting 
TPO are identical within contexts of interpreted function symbols. 

Lemma 7 Let be a precedence that is TPO-admissible for Ej , and let be 
a quasi- ordering functional that is subterm founded on T^ and has the multiset 
properties for Ej. Then s ^tpo t if and only if s ^**(^tpo) t. 

Proof: We use induction on the pairs (s,t) with respect to \>mui- Let s = 
g{si, ...,Sm) and t = h{ti, . . 

(1) Suppose g and h are not in Ej. Then s fZtpo t if and only if s t 

by 

(2) Suppose g is in Ej and h is not, which implies h >-p g. Then s ^tpo t if 
and only if there exists some i = 1, ... ,m such that si ^tpo t. This is equivalent 
to Si ^‘^*{^tpo) t by the induction hypothesis, and to s '^‘^*{'^tpo) t by 

and 

(3) Suppose g is not in Ej and h is, which implies g >-p h. Then s '^tpo t is 
equivalent to s >tpo tj for all j = 1, . . . , n by case Oof the definition of ^tpo- 
Note that caseB™plies caseOin this context. By induction hypothesis this is 
equivalent to s )^**(^tpo) tj for all j = 1, . . . , n, and to s '^^^{'^tpo) t by 

and 

(4) Otherwise g and h are in Ej. 

For the only-if-direction suppose s "^tpo t. If s "^tpo t by case^of the definition 
of ^tpo then there exists some i = 1, . . .,m such that Si fZtpo t. This implies 
Si t by induction hypothesis, and s ^“^{'^tpo) t by Otherwise 

caseHof the definition of "^tpo holds, which explicitly includes s '^^*{'^tpo) t. 
For the if-direction assume s t. Then s y^^C^tpo) tj for all j =

1, . . . , n by and s ^tpo ij for all j = Ij ■ ■ • j ri by induction hypothesis. 

Together with s ^^*(^tpo) t this satisfies case J of the definition of '^tpo, hence 

^ '^tpo 

Theorem 8 Let E be a set of collapse-free equations, let Fj ff Fe, let be a 
precedence that is TP O- admissible for Fj, and let be a TPO-status for Fj. 

1. Then ^tpo is a simplification quasi- ordering. 

2. If^p is total and preserves totality onT^ then 'f^tpo is total. 

3. If preserves E- antisymmetry on then 'fZtpo is E- antisymmetric. 

4- is prepared for E- compatibility then fZtpo is E-compatible. 

Proof: (Simplification quasi- ordering) By LemmaH ^tpo i® ^ prestatus. Thus 
^tpo is a well-founded quasi-ordering on ground terms that has the subterm 
property. It remains to show compatibility with contexts and strict compatibility 
with contexts. 

Let s — g(s\, ... , Sm)t t — h(t\, ... ,t.yf), s — f (u\ , . . . , Ui, s, , . . . ,U}f), 
t' = f(ui, . . . ,Ui,t, Ui+i, . . . , Uk), and suppose s ^tpo t. By the subterm property 
s' Pgpo Uj for j = 1, . . . , fc, and s' >tpo t by LemmaH 

(Compatibility with contexts) We have to show s' fZtpo t' . 

(1) Suppose / ^ Fj. Then s' ^tpoi^tpo) t' because 

(zii, . . . , Ui, S, . . . , rifc) ^ (^tpo) (u\, ... 5 Ui, t, . . . , Uk) 

by definition of ^iex- 

(2) Otherwise / e Fp. From s )Ztpo t we get s )z''^()Ztpo) t by Lemma H 
and by internal preparedness for contexts s' ^‘^''(^tpo) t' , which is equivalent to 
s' tfpoittpo) t' for / in Fp. 

(Strict compatibility with contexts) We have to show s' Ptpo t' under the 
assumption s Ptpo t. Since there cannot exist a, j = 1, . . . ,n such that tj f^tpo s, 
case J of the definition of ^tpo cannot be used to obtain t' ^tpo s'. Hence it 
suffices to show s' Ptpoi'C^tpo) t' in order to conclude s' Ptpo t' . 

(1) Suppose f ^ Fp. Then s' P'tpoi'fZtpo) t' if and only if 

(zii , . . . , Ui, S, , ... ,Uk) {fltpo) (u\, . . . , Ui, t, , . . . , Uff) , 

which follows from the definition of 

(2) Otherwise / S Fp. From s >tpo t we get s P‘*CC,tpo) t by Lemma J 
and by strict internal preparedness for contexts s' ('fZtpo) t', which implies 
s' Pfpo^fZtpo) t' and in turn s' >-tpo t' . 

( Totality) Since Pp is total and Pgt preserves totality on X^, we get that 
preserves totality by Lemma^^J. Hence )Ztpo is total by LemmaH 

(E- antisymmetry) preserves if-antisymmetry onX^, hence ^jpo preserves 
if-antisymmetry by Lemma^^l, and )Ztpo is if-antisymmetric by Lemma^ 
(E- compatibility) Since Pgt is prepared for if-compatibility we get that 'fztlo 
is prepared for if-compatibility by Lemma Since ^tpo is compatible with 
contexts it is if-compatible by Lemma H LI 
5 From Extension Function to TPO-Status

When defining a TPO-status it is often useful to represent atomic subterms by 
constants. This ensures that the ordering obtained from the status for atomic 
subterms is determined only by its argument quasi-ordering. For instance, the 
definition of a TPO-status often involves normalizing with respect to some dis- 
tributivity rules. By hiding atomic subterms in constants no rewriting can take 
place in atomic subterms. Also, extending an ordering on constants to terms 
is more natural and allows to reuse known simplification quasi-orderings in a 
status function. 

We let Fc be the set of new constants {ct \ t G A}. That is, we assume that 
Fc and F are disjoint, where A contains only terms over F. Then for a given 
ordering F on terms over F we define the ordering on constants in Fc 

by Cs Ct if and only if s ^ t. We will pack atomic subterms into constants 

from Fc and compare them according to ^'^(^). Technically, we let U be the 
convergent term rewriting system {ct ^ t \t G A}, and write U(t) for the normal 
form of t with respect to U . We use the term rewriting system 

P = {t^ Cf \t ground term over F U Fc, t ^ Fc, t' = U{t) and t' G A} 

for packing atomic subterms into constants. The unpacking of t in the definition 
of P is needed to remove nested constants in t. For termination of F observe that 
the number of symbols from F decreases in each step. For confluence observe 
that F contains a rule u[cs'] Ct> for each critical pair 

Cf <J=p u[s] u[cs/] 

where t' = F(u[s]), s' = U{s) and u is a nonempty F-context, since U{u[cs']) = 
U{u[s]) = t' G A. 

It remains to obtain a quasi-ordering on the packed terms. Let F* be a 
function that maps any quasi-ordering on constants Fc to a quasi-ordering 
on terms over F/ U Fc, with the following properties: 

1. ^*(^c) extends is strictly compatible with contexts and has the subterm 
property. 

2. Whenever there is an infinite descending chain F ^2 ... of 

terms over F/ U Fc then there exists an infinite descending chain ci >~c 
C 2 Fc ■ ■ . of constants in Fc such that ci occurs in some tj for j > 1. 

3. Let c be a constant in Fc- If c Fc d for all constants d occurring in a term t 

then c t. 

4. If t ^*(^c) c then d c for some constant d in t. 

Then we will call F* an extension function. Propertyjis the constant dominance 
condition of Baader (1997). Note that it implies property^for total We can 
now define a TPO-status Fp by s t if and only if F(s) F(t). 

Lemma 9 Let F* he an extension function. Then Ff is a TPO-status for Fj. 






Proof: The proof is straightforward. 



□ 



Proposition 10 Let be an extension funetion sueh that ^*QZc) is total for 
any total quasi- ordering on constants. Then preserves totality. 



Lemma 11 Let be an extension funetion sueh that ^*(^c) is {E U ~c)- 
antisymmetric for any quasi- ordering on constants. Then preserves E- 

antisymmetry. 

Proof: Suppose ^ is if-antisymmetric and s t. Then P{s) ~*(^c) P{t) 

and hence P{s) P(f)- Since ^ is if-antisymmetric, Cs> ~c Ct> implies 

s' =E t' for any atomic subterms s' and t' of s and t. Hence s =e t. □ 



Lemma 12 Suppose Ej D Ee, and let be an extension function such that 
is E-compatible for any quasi- ordering on constants. Then is 

prepared for E- compatibility. 

Proof: Observe that due to Ei O Fe contexts at the root consisting of function 
symbols in E are left intact by packing. Hence for any instance of an equation 
in E packing both sides results again in an instance of the same equation. Thus 
for an equation s « t in if we have P{sa) = sa' ^*(^c) ta' = P{ta) by in- 
compatibility of where we define a' by xa' = P{xa) for all variables x in E. 
We conclude that sa ta for any ground instance sa « ta of an equation 

s « t in if. □ 



Theorem 13 Let E be a set of collapse-free equations, let be an extension 
function such that is total, (if U '^c)-o,ntisymmetric and E -compatible 

for any total quasi- ordering on Eq, and let be a precedence that is TPO- 

admissible for Ej . 

Then is a total E- antisymmetric and E-compatible simplifica- 

tion quasi- ordering. 



6 Examples of Theory Path Orderings 

In a trivial way any simplification quasi-ordering can be constructed as a TPO, 
by taking Ej = E and letting be the original ordering. Then A and Eq are 
empty, and properties and of an extension function become void. Being 
a simplification quasi-ordering, satisfies properties ^ and Q . 

On the other end of the spectrum is the lexicographic path ordering, which 
is obtained for F/ = 0. 

The simplest nontrivial example is the associative path ordering for a single 
associative and commutative symbol / which we already have used as an example 
in SectionsHandH That is, we have E = AC(/) and Ej = Ee = {/}. Terms over 
EiUEc are ordered according to the multiset of constants from Eq they contain. 
Formally, we associate the complexity nit) = argSAc(y)(t) to each term t over 
Fi U Fc, and define by s >\>Zc) t if and only if At(s) K{t). We

now show that this extension function satisfies the requirements of Theorem 
Associativity and commutativity are collapse- free. Clearly ^*(^c) extends 
and satisfies properties HandH The multiset extension of a quasi-ordering has 
the following properties: 



Ml >raui M2 implies TV U Mi >rnui TV U M 2 (1) 

Ml )^rnui M2 implies TV U Mi '^rnui TV U M 2 (2) 

Ml C M 2 implies Mi >raui M2- (3) 

Strict compatibility with F/-contexts is a consequence of ^ and Q. The sub- 
term property follows by Q . The multiset extension preserves well-foundedness, 
hence an infinite descending chain in ^*(^c) can only arise from an infinite de- 
scending chain in Since we can restrict the ordering to the constants occur- 
ring in the infinite descending chain of multisets, there is an infinite descending 
chain of constants occurring in these multisets. Thus is an extension function. 
If is total then is total, since the multiset extension preserves total- 

ity. AC-compatibility is obvious from the construction. Finally we show that the 
quasi-ordering ^*(^c) is (AC U ~c)-antisymmetric. Suppose s ~*(^c) t- To take 
care of ~c we select a representative rep(c) for each ~c-equivalence class in Fq- 
That is, c '^c d li and only if rep(c) = rep{d) for any two constants c and d 
in Fc- We replace each constant c in s and t by its representative and obtain 
terms s' and t', respectively. Then s' ~*(^c) t' , 

k(s') = Ml = {ci, . . . , Cfc} and 
K{t') = M2 = {di, . . .,d/}, 

and Ml M2- Since ~c-equivalent constants are equal in s' and t' , we 

even have Mi = M2 and hence s' =ac i' ■ Combining this with s s' and 
t t' we get s =ACu~c We conclude that ^*(^c) is ACU^c-antisymmetric. 
Thus is a total, if-antisymmetric and A-compatible simplification 

quasi-ordering. 

To express a general associative path ordering as a TPO one would put the 
AC- function symbols and the symbols below them in the precedence into Fj and 
keep the precedence on the other symbols in The TPO-status would consist 
of the APO obtained by reusing the precedence on Fj and extending it above 
by the ordering on the constants in Fc- One easily sees that this is an extension 
function, and that the resulting TPO is equal to the original APO. 

As a larger example we present a quasi-simplification ordering for modules 
over some fixed ring R. We assume as given a well-ordering on i? such that 
a 1 0 for any a G R \ {0,1}. The module is described by the following 

term rewriting system modulo AC, where the vi are variables for scalars and * 
is scalar multiplication: 



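$$\begin{array}{rcll}
x + 0 &\to& x & \text{(M.1)} \\
0 * x &\to& 0 & \text{(M.2)} \\
1 * x &\to& x & \text{(M.3)} \\
v * 0 &\to& 0 & \text{(M.4)} \\
v * (x + y) &\to& v * x + v * y & \text{(M.5)} \\
v_1 * (v_2 * x) &\to& v * x \quad [v = v_1 \cdot v_2] & \text{(M.6)} \\
x + x &\to& v * x \quad [v = 1 + 1] & \text{(M.7)} \\
v_1 * x + x &\to& v * x \quad [v = v_1 + 1] & \text{(M.8)} \\
v_1 * x + v_2 * x &\to& v * x \quad [v = v_1 + v_2] & \text{(M.9)}
\end{array}$$
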

We denote the set of ground instances of these rules that satisfy the constraints 
by M. The ordering should orient rules in M from left to right. Furthermore, the 
symmetrization requires that a * t a" * t + a' * r for any terms t and r and 
a, o', a" G R such that t is atomic, t ;^m f and a a" . The particular problem 
that rules out standard orderings is that combines arbitrary coefficients to 

a possibly greater coefficient, while the reduction in the coefficient from a to a'' 
must suffice to make room for any term r smaller than t. 

We let Fj = Fm = {+,*,0,l}Ui?, assume a total precedence Fp on F\Fj, 
and let denote its TPO-admissible extension to F. Let D be the convergent 
term rewriting system consisting of the ground instances of the distributivity 
rule ^^ 3 . We denote the normal form of a term t with respect to D by D(t). 
Let t be a ground term over Fj U Fc in D-normal form. Then t is of the form 

t = an * • • • * oifcj * Cl + • • • + a„i * • • • * a„fc„ * c„ 

where n > 1, ki > 0, Ci G Fc U {0, 1}, and G R for i = 1, . . . , n and 

j = We assign a complexity k to any such t as follows. Again we 

assume a function rep : Fc Fc such that rep(c) = rep(d) if and only if 
c ~c d. We extend rep to Fc U {0, 1} by rep(O) = 0 and rep(l) = 1. The 

ordering is extended to Fc U {0, 1} such that c ^ Fc 0 for any con- 
stant c in Fc- We let occ{t,a) = {j \ cj ~c Ci}, = |occ(t, Ci)|, and 

cs(t, Ci) = UjGocc(t i! ■ ■ • ! That is, occ(t, Ci) is the set of indices of 

the occurrences of constants in the same ~c-equivalence class as Cj, ci) is 
the number of these occurrences, and cs(t, ct) is the multiset of the tuples of 
coefficients associated with these occurrences. To each equivalence class we asso- 
ciate the tuple (rep(ci), #(t, Ci),cs{t, d)). Finally, we let n{t) be the set of tuples 
for the constants from Fc that occur in t. We order these complexities accord- 
ing to the multiset extension of the lexicographic combination of > and the 
multiset extension of the length-lexicographic extension of We denote the 
ordering on complexities by F^, Then we define the ordering F^ on terms over 
Fj U Fc hy s F^ t if and only if «;(D(s)) F^ «;(D(t)) where s and t are terms over 
Fj U Fc- Finally we get the TPO-status as the status derived from F^^ and 

let^i(Fp) = F‘p°(Fp,Ff). 

Theorem 14 tiihp) is a total AC U T)- compatible and AC U D- antisymmetric 
simplification quasi- ordering on ground terms that contains M\D. 
Proof: We do not have enough space for the complete proof that satisfies the
requirements of Theorem^] As an example, we show how strict compatibility 
with contexts can be obtained: 

Let /„[] be the function that maps any complexity K(t) to «:(D(u[t])), where 

t = an * • • • * oifcj * Cl + • • • + a„i * • • • * a„fc„ * c„ 

is a ground term in D-normal form. To see that /„[] is well-defined, observe that 
t can be reconstructed up to AC U ~c-equivalence from nft), and that k maps 
terms in an AC U ^c-equivalence class to the same complexity. We show that /„[] 
is strictly monotonic for any context u[] by considering contexts of depth one. 

(1) Consider u = s -I- []• 

(1.1) Suppose s = bi * ■ ■ ■ * bi * d. 

(1.1.1) Suppose no Ci is ~c-equi valent to d. Then 

fu[]{K{t)) = K(t)U{(rep(d),l,{(6i,...,6/)})} 

and /„[] is strictly monotonic by properties Q and B of the multiset extension. 

(1.1.2) Otherwise d ~c O for some i = l,...,n. Suppose without loss of 
generality d ~c ci. Then 

/«[](kW) = {(ci,#(t,ci) -h l,cs(t,ci) U {(5i, . . .,6/)})} 

C {(ci,^(t, Ci),Cs(t, Cl)) I Ci Cl}. 

Consider the function that maps a tuple (c, n, M) to (c, n -h 1, M U {(5i, . . . , 5/)}) 
if c ~c d and to (c, n, M) otherwise. This function is strictly monotonic. Hence 
its multiset extension /„[] is strictly monotonic. 

(1.2) Otherwise s is a proper sum, and /„[] can be obtained as a finite com- 
position of the strictly monotonic functions of case (1.1). Hence /„[] is strictly 
monotonic. 

(2) Consider u = a* []. Then /„[] maps any tuple (oi, . . . , Ofc) of coefficients in 

the multiset in the third component to (a, oi, . . . , Ofc). This mapping is strictly 
monotonic. By multiset extension, lexicographic product with identity functions 
for the first two components and again multiset extension we obtain /„[], which 
thus is strictly monotonic. □ 

From ^1 we obtain an ordering that orients D from left to right and that is AC- 
antisymmetric by combining ^i lexicographically with a polynomial ordering 
and the ACRPO of Rubio and Nieuwenhuis (1995). 

7 Conclusion and Further Work 

We have presented a general path ordering for the purpose of superposition the- 
orem proving in algebraic theories. We have used this construction successfully 
for the cases of abelian groups, commutative rings, and modules and algebras 
over a fixed ring. 
In practice it will be necessary to consider also nonground terms. Clearly
lifting depends on the particular TPO-status chosen. An approach that should 
be applicable in many cases is to compare two nonground terms by considering 
a finite set of their instances (Bachmair and Plaisted 1985). 

Waldmann (1998) shows how to extend an arbitrary reduction ordering on 
terms over free function symbols to an ACU-compatible reduction ordering by 
semantic labeling, using essentially an APO for a single AC-symbol. It seems 
feasible to extend this approach to other theories via TPOs. 
Abstract. We prove that string rewriting systems which reduce by Hig-
man’s lemma exhaust the multiply recursive functions. This result pro- 
vides a full characterisation of the expressiveness of Higman’s lemma 
when applied to rewriting theory. The underlying argument of our con- 
struction is to connect the order type and the derivation length via the 
Hardy hierarchy. 



1 Introduction 

Higman’s Lemma 

Recall the statement of Higman's lemma for strings. Given an alphabet $\Sigma$, define
the division ordering $\unlhd$ as the least pre-order on the set of finite strings $\Sigma^*$
satisfying the following properties:

• sub-term property. $\forall a \in \Sigma, \forall u \in \Sigma^*$, $u \unlhd au$,

• monotonicity. $\forall u, v \in \Sigma^*, \forall a \in \Sigma$, $u \unlhd v \Rightarrow au \unlhd av$.

Theorem 1 (Higman).

For any finite alphabet $\Sigma$, $(\Sigma^*, \unlhd)$ is a well-quasi-ordering.
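The two closure rules generate exactly the scattered-subword (embedding) relation on strings. The following added example (not from the paper) checks this on a bounded universe by computing the least pre-order closed under the rules and comparing it with a direct subsequence test, and it also finds the first "good pair" in a finite sequence, which is the property a well-quasi-ordering guarantees for every infinite one. The function names and sample strings are constructed for this illustration.

```python
from itertools import product


def words_up_to(alphabet, n):
    """All strings over `alphabet` of length at most n."""
    return ["".join(p) for k in range(n + 1) for p in product(alphabet, repeat=k)]


def division_closure(alphabet, n):
    """Least pre-order on strings of length <= n closed under the two rules.

    Bounding the length loses nothing: if u is below v then |u| <= |v|, so
    every string used in a derivation of (u, v) is no longer than v.
    """
    words = words_up_to(alphabet, n)
    rel = {(w, w) for w in words}  # reflexivity
    # sub-term property: u is below au
    rel |= {(u, a + u) for u in words if len(u) < n for a in alphabet}
    while True:
        new = set()
        for u, v in rel:  # monotonicity: u below v gives au below av
            if len(v) < n:
                new.update((a + u, a + v) for a in alphabet)
        above = {}
        for u, v in rel:
            above.setdefault(u, set()).add(v)
        for u, v in rel:  # transitivity
            new.update((u, w) for w in above[v])
        if new <= rel:
            return rel
        rel |= new


def embeds(u, v):
    """True iff u is a scattered subword of v (its letters occur in v in order)."""
    rest = iter(v)
    return all(ch in rest for ch in u)


def first_good_pair(sequence):
    """Return (i, j) with i < j and sequence[i] embedded in sequence[j].

    The pair with the smallest j (then smallest i) is returned, or None if
    the finite sequence is bad, i.e. contains no such pair.
    """
    for j in range(len(sequence)):
        for i in range(j):
            if embeds(sequence[i], sequence[j]):
                return i, j
    return None


if __name__ == "__main__":
    universe = words_up_to("ab", 4)
    by_rules = division_closure("ab", 4)
    by_embedding = {(u, v) for u in universe for v in universe if embeds(u, v)}
    print("closure equals embedding:", by_rules == by_embedding)
    print("first good pair:", first_good_pair(["ab", "ba", "aab"]))
```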

A well-quasi-ordering is a well-founded ordering with no infinite anti-chain.
In other words, every ordering extending $\unlhd$ is still well-founded. So Higman's
lemma provides a syntactic criterion for the definition of well-founded orderings
on strings. Let's mention the Knuth-Bendix ordering, the recursive path ordering,
the polynomial orderings. What concerns us is the expressiveness of string
rewriting systems (SRS). Given a Noetherian finite SRS $\mathcal{R}$ on an alphabet $\Sigma$,
define the derivation length function $Dl_{\mathcal{R}}$ by

$$dl_{\mathcal{R}} : \Sigma^* \to \mathbb{N}, \quad w \mapsto \max\{dl_{\mathcal{R}}(u),\ w \to_{\mathcal{R}} u\} + 1$$

$$Dl_{\mathcal{R}} : \mathbb{N} \to \mathbb{N}, \quad m \mapsto \max\{n \in \mathbb{N},\ \exists w \in \Sigma^*,\ dl_{\mathcal{R}}(w) = n \wedge |w| < m\}$$

P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 163-^^^ 1999. 

© Springer-Verlag Berlin Heidelberg 1999 
where $|w|$ is the size of the string $w$. The expressiveness of the main termination 
orderings was extensively studied and we know that most ensure primitive recur- 
sive derivation lengths on strings (see Q for the Knuth-Bendix and polynomial 
orderings, for the recursive path ordering). The purpose of this paper is to 
investigate the derivation length of the whole class of string rewriting systems 
reducing by Higman’s lemma. Extending the result of we establish that 
existing termination proof techniques do not reach the full strength of Higman’s 
lemma: one can go far beyond primitive recursiveness and exhaust the class of 
multiply recursive functions. 



Multiply Recursive Functions and the Hardy Hierarchy 

Multiply recursive functions are traditionally defined by closure under the
schemes of k-recursion (see Péter for instance). Grzegorczyk, Wainer and others
teach us that classes of functions may also be described by hierarchies of
functions indexed by ordinals. We adopt this alternative point of view here and
introduce the class of multiply recursive functions by means of the Hardy
hierarchy. Let $CNF(\varepsilon_0)$ be the set of notations in Cantor Normal Form for ordinals
below $\varepsilon_0$. A canonical assignment of fundamental sequences for limit ordinals in
$CNF(\varepsilon_0)$ is defined recursively as follows: 

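$$\omega_n = n$$

$$(\alpha + \lambda)_n = \alpha + \lambda_n$$

$$(\omega^{\beta+1})_n = \omega^{\beta}\, n$$

where $\beta$ is in $CNF(\varepsilon_0)$ and $\lambda$ is a limit ordinal in $CNF(\varepsilon_0)$. With the
fundamental sequences, one can define the family of predecessor functions¹. For all
$n \in \mathbb{N}$, $P_n : CNF(\varepsilon_0) \to CNF(\varepsilon_0)$ is

$$P_n(0) = 0$$

$$P_n(\alpha + 1) = \alpha$$

$$P_n(\lambda) = \lambda_n, \text{ if } \lambda \text{ is a limit ordinal.}$$

For each ordinal $\alpha$ of $CNF(\varepsilon_0)$, the Hardy function $\mathcal{H}_\alpha$ is now defined as follows.

$$\mathcal{H}_0 : \mathbb{N} \to \mathbb{N},\qquad n \mapsto 0$$

and for $\alpha > 0$

$$\mathcal{H}_\alpha : \mathbb{N} \to \mathbb{N},\qquad n \mapsto \mathcal{H}_{P_n(\alpha)}(n + 1) + 1$$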

The class of multiply recursive functions is exactly described by the family of 
Hardy functions indexed by ordinals of (Robbin ^3)- 

¹ For the limit case, the predecessor function is sometimes defined as $P_n(\lambda) = P_n(\lambda_n)$.
This does not affect the complexity of the Hardy hierarchy. 
Why should we give a preponderant role to the Hardy hierarchy? Consider
the maximal order type of the division ordering $\trianglelefteq$. De Jongh and Parikh
established in Q that for every finite non-empty alphabet $\Sigma$, the maximal order type of 
1^1 

$(\Sigma^*, \trianglelefteq)$ is . Cichon and Tahhan Bittar took advantage of this result and
produced a measure for sequences compatible with $\trianglelefteq$ using the Hardy hierarchy
indexed by the maximal order type of the division ordering. 

Theorem 2 (Cichon and Tahhan-Bittar Q).

Let $\Sigma$ be a finite alphabet and $k \in \mathbb{N}$. For each string $u$ in $\Sigma^*$, $|u|$ denotes the
size of $u$. There is a function $\phi : \mathbb{N} \to \mathbb{N}$ such that for all sequences $(u_i)_{i \in \mathbb{N}}$ of
$\Sigma^*$ satisfying

• $\forall i, j \in \mathbb{N},\ i < j \Rightarrow \neg(u_i \trianglelefteq u_j)$,

• $\forall i \in \mathbb{N},\ |u_i| < |u_0| + k \times i$,

the length of $(u_i)_{i \in \mathbb{N}}$ is bounded by $\phi(|u_0|)$. Moreover $\phi$ is an elementary 
function in H^js \ . 

This theorem provides an upper bound for rewrite derivations : each finite 
string rewriting system reducing by Higman’s lemma has a multiply recursive 
derivation length. 

We investigate here the intriguing role of Hardy hierarchy and show that it 
is possible to encode Hardy functions indexed by ordinals of by finite string 
rewriting systems which are compatible with the division ordering of Higman’s 
lemma. This construction shows that Cichon and Tahhan’s upper bound is es- 
sentially optimal. At a logical level it confirms the fact that the Hardy hierarchy 
is the right tool for connecting derivation length and order type. The proof goes 
as follows. The Hardy hierarchy enjoys an intuitive geometrical description: for
each ordinal $\alpha$ and all integers $n$, consider the decreasing sequence of ordinals
$(\alpha_i)_{i \in \mathbb{N}}$ given by

$$(\ast)\qquad \alpha_0 = \alpha,\qquad \alpha_{i+1} = P_{n+i}(\alpha_i).$$

The sequence stops when it reaches 0. We call it a $(\ast)$-sequence. $\mathcal{H}_\alpha(n)$ is simply
the length of the $(\ast)$-sequence generated by $\alpha$ and $n$. We use this representation
and encode $(\ast)$-sequences for ordinals below by rewrite systems. This idea is 
already present in Q, where it leads to a new lower bound of the complexity of 
simplifying term rewriting systems. Here we use strings instead of terms. First, 
we need to produce a specific notation system for ordinals below uj‘^ based on 
strings. For that we choose the recursive path ordering of Dershowitz (section 3).
We are then able to construct the string rewriting systems and their proof of
termination by Higman's lemma (section 4). We even establish total termination. 
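The $(\ast)$-sequence and the Hardy function described above, as an added Python example that is not part of the paper. It is restricted to ordinals below $\omega^\omega$, held as a tuple of natural-number exponents (an assumed encoding, as are all function names), so that only the rules stated above, $(\alpha + \lambda)_n = \alpha + \lambda_n$ and $(\omega^{\beta+1})_n = \omega^\beta n$, are needed.

```python
"""(*)-sequences and Hardy functions for ordinals below omega^omega.

Assumed encoding (not from the paper): an ordinal in Cantor Normal Form is a
tuple of natural-number exponents in non-increasing order, so (2, 1, 1, 0)
stands for omega^2 + omega + omega + 1 and () stands for 0.
"""


def check_cnf(alpha):
    """Reject tuples that are not a Cantor Normal Form below omega^omega."""
    if any(not isinstance(e, int) or e < 0 for e in alpha):
        raise ValueError("exponents must be natural numbers")
    if any(a < b for a, b in zip(alpha, alpha[1:])):
        raise ValueError("exponents must be non-increasing")
    return tuple(alpha)


def predecessor(alpha, n):
    """P_n(0) = 0, P_n(a + 1) = a, P_n(lam) = lam_n for a limit ordinal lam."""
    if not alpha:
        return ()
    head, last = alpha[:-1], alpha[-1]
    if last == 0:
        # Successor ordinal: drop the trailing omega^0 = 1.
        return head
    # Limit ordinal: (a + omega^(b+1))_n = a + omega^b * n,
    # i.e. the last term is replaced by n copies of omega^b.
    return head + (last - 1,) * n


def star_sequence(alpha, n):
    """alpha_0 = alpha, alpha_{i+1} = P_{n+i}(alpha_i), stopping at 0."""
    seq = [check_cnf(alpha)]
    i = 0
    while seq[-1]:
        seq.append(predecessor(seq[-1], n + i))
        i += 1
    return seq


def hardy(alpha, n):
    """H_0(n) = 0 and H_alpha(n) = H_{P_n(alpha)}(n + 1) + 1.

    Computed as a loop: the value is the number of predecessor steps of the
    (*)-sequence generated by alpha and n, so no recursion depth is consumed.
    """
    alpha = check_cnf(alpha)
    steps = 0
    while alpha:
        alpha = predecessor(alpha, n)
        n += 1
        steps += 1
    return steps


if __name__ == "__main__":
    for step, ordinal in enumerate(star_sequence((2,), 1)):
        print(step, ordinal)
    # Growth along the hierarchy: finite, omega, omega*2, omega^2.
    for alpha in [(0, 0, 0), (1,), (1, 1), (2,)]:
        print(alpha, [hardy(alpha, n) for n in range(1, 6)])
```

Below $\omega^2$ the values stay small, since $\mathcal{H}_{\omega \cdot m}(n) = (2^m - 1)(n + 1)$, but already $\mathcal{H}_{\omega^3}(2)$ needs more than $10^{13}$ steps, so keep the arguments small when running the loop.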

2 Rewriting Theory and Total Termination 

We do not recall fundamental notions on rewrite systems and termination (see
Q for instance). Let $\Sigma$ be an alphabet and $\prec$ an ordering on $\Sigma^*$. We say that

$\prec$ is strictly monotone if $\forall u, v \in \Sigma^*,\ (u \prec v \Rightarrow \forall a \in \Sigma,\ au \prec av)$.

$\prec$ is monotone if $\forall u, v \in \Sigma^*,\ (u \preceq v \Rightarrow \forall a \in \Sigma,\ au \preceq av)$, where $\preceq$ is the
reflexive closure of $\prec$.

$\prec$ has the sub-term property if $\forall u \in \Sigma^*,\ \forall a \in \Sigma,\ u \prec au$.

We now come to the definition of total termination, due to Ferreira and 
Zantema Q. 

Definition 1 (Total Termination). Let $\Sigma$ be an alphabet. A total termination
ordering on $\Sigma^*$ is a strictly monotone well-order. A rewrite system $\mathcal{R}$ of $\Sigma^*$ is
totally terminating if it is compatible with a total termination ordering.

Total termination on a finite alphabet implies the sub-term property (see
H or H). It follows that any totally terminating rewrite system is compatible
with the division ordering of Higman's theorem. We now give another
characterisation of total termination, which requires only monotonicity, instead of
strict monotonicity. This result is useful in section 4.

Proposition 1. Let $\Sigma$ be a finite alphabet and let $\mathcal{R}$ be a rewrite system on $\Sigma^*$.
$\mathcal{R}$ is totally terminating if and only if there exists an ordering $\prec$ on $\Sigma^*$ such
that

(i) for each $l \to r$ in $\mathcal{R}$, for each $u \in \Sigma^*$, $lu \succ ru$,

(ii) $\prec$ has the sub-term property,

(iii) $\prec$ is monotone.

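Proof. One direction of the proof is obvious. For the other direction, let $\mathrm{mul}(\Sigma^*)$
denote the set of finite multisets on $\Sigma^*$, $\mathrm{mul}(\prec)$ the multiset extension of $\prec$ on
$\mathrm{mul}(\Sigma^*)$ and $\cup$ the union of multisets. For each string $u$ in $\Sigma^*$, define $\mathcal{M}(u)$ as
the multiset containing $u$ and its suffixes:

$$\mathcal{M}(\varepsilon) = \emptyset,$$

$$\mathcal{M}(au) = \{au\} \cup \mathcal{M}(u),$$

and define $\prec'$ as

$$u \prec' v \iff \mathcal{M}(u)\ \mathrm{mul}(\prec)\ \mathcal{M}(v).$$

We claim that $\prec'$ is a total termination ordering for $\mathcal{R}$. Firstly, $\prec'$ is strictly
monotone: let $u, v \in \Sigma^*$ such that $u \prec' v$ and let $a \in \Sigma$. We have

$$\mathcal{M}(au) = \{au\} \cup \mathcal{M}(u),$$

$$\mathcal{M}(av) = \{av\} \cup \mathcal{M}(v).$$

By hypothesis, we have $\mathcal{M}(u)\ \mathrm{mul}(\prec)\ \mathcal{M}(v)$. So it suffices to show that $au \preceq av$.
Suppose $u \succ v$. By hypothesis (ii) on $\prec$, this would imply $\mathcal{M}(u)\ \mathrm{mul}(\succ)\ \mathcal{M}(v)$,
which contradicts the hypothesis $\mathcal{M}(u)\ \mathrm{mul}(\prec)\ \mathcal{M}(v)$. So $u \preceq v$, which
with (iii) ensures $au \preceq av$. Thus $au \prec' av$. Secondly, $\prec'$ is well-founded, since it
is monotonic and enjoys the sub-term property. Finally, $\prec'$ is compatible with $\mathcal{R}$:
let $l \to r$ in $\mathcal{R}$ and $u \in \Sigma^*$. By (i), $lu \succ ru$, which with (ii) implies
$\mathcal{M}(lu)\ \mathrm{mul}(\succ)\ \mathcal{M}(ru)$. Hence $lu \succ' ru$. This completes the proof. □ 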



A Characterisation of Multiply Recursive Functions with Higman’s Lemma 167 



Remark 1. In definition 1 the notion of total termination on strings coincides 
with the usual definition on terms : it uses only (left-) monotonicity, and not 
stability (left- and right- monotonicity). So our total termination orderings are 
not total division orderings, such as studied in There is a slight difference 
between those two families of orderings: for instance the string rewriting system 

\ 99 ^ fg 

is totally terminating, but it does not reduce under any total division ordering. 

3 Ordinal Notations for with Strings 

The core of our construction is to simulate decreasing sequences of ordinals of 
by sequences of strings. For that, we are now going to introduce an ordinal 
notation system that is based on the recursive path ordering on strings. 

Definition 2 (Recursive path ordering []]). Let $\Sigma$ be an alphabet equipped
with the precedence $\prec$. The recursive path ordering $\prec_{rpo}$ is the least stable
ordering which satisfies

• if $u \trianglelefteq v$, then $u \preceq_{rpo} v$,

• if $u \prec_{rpo} bv$ and $a \prec b$, then $au \prec_{rpo} bv$.



Proposition 2 ([)(]). If $(\Sigma, \prec)$ is a well-order, then $(\Sigma^*, \prec_{rpo})$ is a total
termination ordering.

In the sequel of the paper, we choose $\Sigma = \{a_i \mid i \in \mathbb{N}\}$ with the well-ordered
precedence $a_i \prec a_{i+1}$. It is routine to prove that the order type of $\prec_{rpo}$ on $\Sigma^*$ is
, the maximal order type of the division ordering. It means that there exists
an isomorphism $O$ of → $(\Sigma^*, \prec_{rpo})$ such that each ordinal of may be
denoted in a unique and non-ambiguous way by a string of $\Sigma^*$. The purpose of
the remainder of the section is to make the construction of $O$ explicit. 

Proposition 3. For each limit ordinal a in , there are unique i € IN, /3 , 7 G 
such that 

$$\alpha = \gamma + \omega^{\omega^i} \beta$$

and satisfying 

(i) 0 < P < 

(ii) V 0 < ^ < , V (5 G "f S -\- p. 

Proof. Let 0 ;“^ -I- • • • -I- tu"” be the Cantor Normal Form of a. Since a is a 
limit ordinal of uj^ , we have 0<a„< . . . < ai < oj‘^. Let z G IN such that 
< an < and let j be the smallest index such that < aj < There 

are 6j, . . . ,Sn in such that 



aj = iv^ + Sj, 

= w* + Sn- 

If we set 7 = uj°‘^ + • • • + (7 is possibly 0) and j3 = + • • • + w'*", then 

i, (3, 7 satisfy conditions (i), (ii) and a = 7 + /3. 

We now prove that this decomposition is unique. Let (3, 7 , i and i' satisfying 
conditions (i),(ii) such that 7 + w“ /3 = 7 '+^“ (3' . Consider the Cantor Normal 
Form of (3 and f3’ : (3 = + • • • + and (3' = + • • • + . If we require 

that 7 and 7 ' are in Cantor Normal Form too, conditions (ii), (iii) guarantee 

that the notations 7 + + • • • + and 7 ' + + • • • + 

are two Cantor Normal Forms of the same ordinal. They are identical. It implies 
i = i' . Suppose now that 777 ' (for instance). It would follow that 7 ' = 
7 + ■'■^1 +■■■ + 10 '^ for some k < n, which contradicts (ii). So 7 = 7 ' and 

then n = m, (3i = (3'i, . . . , (3n = (3'n- □ 

In proposition 3 we require that $\beta > 0$. In this case, we define $-1 + \beta$ as
the unique ordinal such that $1 + (-1 + \beta) = \beta$. Recall that for infinite ordinals
$1 + \beta = \beta$, and for finite ordinals $1 + \beta = \beta + 1$. So $-1 + \beta = \beta$ when $\beta$ is infinite
and $-1 + \beta = \beta - 1$ when $\beta$ is finite and non-empty. This leads to the definition
of the notation system $O$. 

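Definition 3 (The notation system $O$).

$$O : \omega^{\omega^\omega} \to \Sigma^*$$

$$0 \mapsto \varepsilon$$

$$\beta + 1 \mapsto a_0\, O(\beta)$$

$$\gamma + \omega^{\omega^i} \beta \mapsto a_{i+1}\, O(-1 + \beta)\, O(\gamma)$$

Example 1. $O(n) = a_0^n$, $O(\omega) = a_1$, $O(\omega + n) = a_0^n a_1$, $O(\omega + \omega) = a_1 a_0$,
$O(\omega^2) = a_1 a_1$, $O(\omega^\omega) = a_2$.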



Proposition 4. $O$ is an isomorphism of $(\omega^{\omega^\omega}, <) \to (\Sigma^*, \prec_{rpo})$.

Proof. We first prove that for all a,P G , if a < /3 then 0(a) <rpo 0{f3). 
The ordinal ordering < is the transitive closure of the schemes 

/3 < /3 -l- 1, 

VnGlM -i + u^\f3+l) < -i + u^\l3+{u^')n, 

Vn G IN 7 -I- P < 7 - 1 - iP limit). 
On strings, it corresponds to the three following inequalities: 



u -<rpo 

Vn G IN ai+iaoC>(/3)C>(7) Arpo a”ai+iC>(/3)C>(7), 

Vn G IN ai+iO{P)0{j) <rpo ai+iO{Pn)0{j). 

The proof is direct, using the definition of $\prec_{rpo}$ with an easy induction on $\beta$.
As a consequence, $O$ is an injective morphism. It remains to show that $O$ is
surjective. Let $u \in \Sigma^*$. We construct by induction on the length of $u$ an ordinal
$\alpha$ such that $O(\alpha) = u$. If $u = a_0 v$ for some $v \in \Sigma^*$, then the induction hypothesis
gives us an ordinal $\beta$ such that $O(\beta) = v$. Set $\alpha = \beta + 1$. The definition of $O$
ensures $O(\alpha) = a_0 v$. If $u = a_{i+1} v$ for some $v \in \Sigma^*$ and some $i \in \mathbb{N}$, we have to
consider two sub-cases. When $v \in \{a_0, \dots, a_{i+1}\}^*$, let $\beta$ such that $O(-1 + \beta) = v$.
In this case, /3 < .So (/3)) = Ci+ir;. Otherwise, there exist b G 

{oi+i, . . .}, vi G {oo, . . . , Oi+i}* and t>2 G S* such that v = v\bv 2 . Let /3 and 7 
such that 0{—l + P) = v\ and 0(7) = bv 2 - We have P) = Oi+i v\ bv 2 = 

Qi+iV. □ 

From now on, we shall always consider that a string built up from the
alphabet $\Sigma = \{a_0, \dots, a_i, \dots\}$ is a notation for an ordinal of . We express the
predecessor functions in this notation system. 

Proposition 5. For all $u \in \Sigma^*$, for all $i, j, n \in \mathbb{N}$

(i) $P_n(a_0 u) = u$,

(ii) $P_n(a_{i+1} a_0 u) = a_i^n a_{i+1} u$,

(iii) $P_n(a_{i+1} a_j u) = a_{i+1} P_n(a_j u)$, when $0 < j \le i + 1$,

(iv) $P_n(a_{i+1} u) = a_i^n u$, otherwise.

Proof. Given an ordinal a of , we distinguish four main cases for the com- 
putation of Pn{a): 

Case 1: a = 6 + 1. Then Pn{o) = S. 

In all remaining cases, $\alpha$ is a limit ordinal. Let $i$, $\beta$, $\gamma$ satisfying conditions
(i), (ii) of proposition 3 such that $\alpha = \gamma + \omega^{\omega^i} \beta$.

Case 2: a = ^ + uj‘^ (/?' -I- 1), i = 0, P' yf 0. Then Pn{a) = "/ + P’ + (oj‘^ )„, 
Case 3: a = ^ + P, P limit. Then Pn{a) = 7 -I- Pn, 

Case 4-: Oi = 'y + u!^ . Then Pn{oi) = 7 -|- (w“ )n- 

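We apply the morphism $O$ to $\alpha$ and $P_n(\alpha)$. The proof is by induction on the
length of $u$.

Case 1: $O(\alpha) = a_0\, O(\delta)$ and $O(P_n(\alpha)) = O(\delta)$,

Case 2: $O(\alpha) = a_{i+1} a_0\, O(\beta')\, O(\gamma)$ and $O(P_n(\alpha)) = a_i^n a_{i+1}\, O(\beta')\, O(\gamma)$,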



170 



Helene Touzet 



Case 3: $O(\alpha) = a_{i+1}\, O(\beta)\, O(\gamma)$ and $O(P_n(\alpha)) = a_{i+1}\, O(\beta_n)\, O(\gamma)$. By induction
hypothesis, note that for all $j \in \mathbb{N}$, $u \in \{a_0, \dots, a_j\}^*$ and $v \in \Sigma^*$, $P_n(u a_{j+1} v) =
P_n(u) a_{j+1} v$. So $O(P_n(\alpha)) = a_{i+1} P_n(O(\beta)\, O(\gamma))$.

Case 4: $O(\alpha) = a_{i+1}\, O(\gamma)$ and $O(P_n(\alpha)) = a_i^n\, O(\gamma)$.

(i) comes from case 1, (ii) from case 2, (iii) from case 3 and (iv) from case 4.

□ 

4 Encoding Multiply Recursive Functions by Totally 
Terminating SRS’s 

4.1 Construction of the SRS 

In this subsection, we build a family of string rewriting systems that simulate
the Hardy hierarchy using the notation system of the previous section. Our aim
is to describe $(\ast)$-sequences of the form

$$(u, n),\ (P_n(u), n+1),\ (P_{n+1} P_n(u), n+2), \dots$$

In a couple $(u, n)$, we represent the ordinal $u$ by the corresponding notation
of $\Sigma^*$. For $n$, we introduce a new symbol $|$ and denote the integer $n$ in unary
notation: $|^n$. To deal with technical details in the computation, we need two
extra symbols, $\circ$ and $\bullet$. Each step $(u, n)$ of the $(\ast)$-sequence is finally encoded
by the string $\bullet|^n u$.

It is hopeless to try to simulate the whole class of multiply recursive functions
by a single finite string rewriting system. We define a family $\mathcal{R}_i$, $i \in \mathbb{N}$, such
that $\mathcal{R}_i$ exhausts the Hardy hierarchy on . For all $u \in \{a_0, \dots, a_i\}^*$, the
system $\mathcal{R}_i$ should then allow us to derive 

.|"ZZ •r+^Pn(u). 

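$$\begin{array}{rcll}
a_0 & \to & \circ & (0,1)\\
\circ & \to & \bullet| & (0,2)\\
\bullet| & \to & |\bullet\bullet & (0,3)\\
|\circ & \to & \circ| & (0,4)\\
\bullet & \to & \varepsilon & (0,5)
\end{array}$$

$$\begin{array}{rcll}
\bullet a_{i+1} a_0 & \to & k_{i+1} a_{i+1} & (i+1,1)\\
\bullet a_{i+1} & \to & a_{i+1} \bullet & (i+1,2)\\
\bullet k_{i+1} & \to & k_{i+1} a_i & (i+1,3)\\
a_{i+1} \circ & \to & \circ a_{i+1} & (i+1,4)\\
k_{i+1} & \to & \circ & (i+1,5)\\
\bullet a_{i+1} & \to & k_{i+1} & (i+1,6)
\end{array}$$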

Proposition 6. Let u G {oo, . . . , Oi+i}*. For all n > 1, •|”zz ^Ui+i 
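Proof. Define ($\clubsuit$) $\bullet^{n+1} u \to^* \circ P_n(u)$. ($\clubsuit$) implies the desired result.

$$\begin{array}{rcll}
\bullet|^n u & \to^+ & |^n \bullet^{2^n} u & (0,3)^+\\
 & \to^* & |^n \bullet^{n+1} u & (0,5)^*\\
 & \to^* & |^n \circ P_n(u) & (\clubsuit)\\
 & \to^+ & \circ |^n P_n(u) & (0,4)^+\\
 & \to & \bullet |^{n+1} P_n(u) & (0,2)
\end{array}$$

We now establish ($\clubsuit$) by induction on $u$. We consider the four cases introduced
in proposition 5.

Case 1:

$$\begin{array}{rcll}
\bullet^{n+1} a_0 v & \to^* & a_0 v & (0,5)^*\\
 & \to & \circ v & (0,1)
\end{array}$$

Case 2:

$$\begin{array}{rcll}
\bullet^{n+1} a_{i+1} a_0 v & \to & \bullet^{n} k_{i+1} a_{i+1} v & (i+1,1)\\
 & \to^* & k_{i+1} a_i^n a_{i+1} v & (i+1,3)^*\\
 & \to & \circ a_i^n a_{i+1} v & (i+1,5)
\end{array}$$

Case 3:

$$\begin{array}{rcll}
\bullet^{n+1} a_{i+1} v & \to^* & a_{i+1} \bullet^{n+1} v & (i+1,2)^*\\
 & \to^* & a_{i+1} \circ P_n(v) & \text{(induction hypothesis)}\\
 & \to & \circ a_{i+1} P_n(v) & (i+1,4)
\end{array}$$

Case 4:

$$\begin{array}{rcll}
\bullet^{n+1} a_{i+1} v & \to & \bullet^{n} k_{i+1} v & (i+1,6)\\
 & \to^* & k_{i+1} a_i^n v & (i+1,3)^*\\
 & \to & \circ a_i^n v & (i+1,5)
\end{array}$$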

Corollary 1. For each multiply recursive function $f$, there exists $i$ in $\mathbb{N}$ such
that $f$ is eventually dominated by $Dl_{\mathcal{R}_i}$, the derivation length of $\mathcal{R}_i$.

Proof. Proposition 6 implies that for all $i$ in $\mathbb{N}$, $Dl_{\mathcal{R}_i}$ eventually dominates
the Hardy function indexed by uj‘^ . □ 



4.2 For all $i \in \mathbb{N}$, $\mathcal{R}_i$ is Totally Terminating

We now come to the final argument of our construction and show that the string
rewriting systems $\mathcal{R}_i$ are totally terminating. The proof relies on proposition 1:
we define for $\mathcal{R}_i$ a monotone ordering which enjoys the sub-term property. Our
starting point is the intentional meaning of the symbols of $\Sigma$: each string $u$ built
up from $a_0, \dots, a_i, \dots$ may simply be interpreted by the underlying ordinal or
equivalently by the notation based on strings of $\Sigma^*$. For the symbol $k_i$, define
the function $\psi_i$ by

$$\psi_{i+1} : u \mapsto \sup\{a_i^n u;\ n \in \mathbb{N}\}.$$

(The supremum is wrt $\prec_{rpo}$.) We have the following properties. 
Lemma 1. For all $u$ in $\Sigma^*$, for all $i$ in $\mathbb{N}$

(i) $\psi_{i+1}(u) = \psi_{i+1}(a_i u)$,

(ii) $a_{i+1} a_0 u \succeq_{rpo} \psi_{i+1}(a_{i+1} u)$,

(iii) $a_{i+1} u \succeq_{rpo} \psi_{i+1}(u)$,

(iv) $\psi_i(u) \succ_{rpo} u$,

(v) $\psi_i$ is an increasing function.

Proof. (i) is by definition of $\psi_i$ and (ii), (iii), (iv), (v) are easy consequences of
the definition of $\prec_{rpo}$. □

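For the symbols $\bullet$, $\circ$ and $|$, consider the sub-system

$$\mathcal{S} = \left\{\begin{array}{rcl}
\circ & \to & \bullet|\\
\bullet| & \to & |\bullet\bullet\\
|\circ & \to & \circ|\\
\bullet & \to & \varepsilon\\
\bullet a_{i+1} & \to & a_{i+1} \bullet\\
\bullet & \to & a_i\\
a_{i+1} \circ & \to & \circ a_{i+1}
\end{array}\right.$$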



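Lemma 2. There exists a total termination ordering for $\mathcal{S}$.

Proof. We give an interpretation $\mathcal{I}$ on $\mathbb{N}^3$ for the rules of $\mathcal{S}$.

$$\mathcal{I}(\circ)(n, m, p) = (2n + 4,\ m,\ p)$$

$$\mathcal{I}(|)(n, m, p) = (2n + 1,\ m,\ p)$$

$$\mathcal{I}(\bullet)(n, m, p) = (n,\ n + m,\ 2p + 2)$$

$$\mathcal{I}(a_i)(n, m, p) = (n,\ n + m,\ p + 1)$$

Define $u \prec_{\mathcal{S}} v$ by $\mathcal{I}(u) < \mathcal{I}(v)$. □ 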

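Combining the ordering $\prec_{rpo}$ for $a_i$ and $k_i$, and the ordering $\prec_{\mathcal{S}}$ for $|$, $\circ$ and
$\bullet$, we define the interpretation $[\ ]$ on $(\Sigma \cup \{k_i, i > 0\})^* \times (\Sigma \cup \{\circ, \bullet, |\})^*$ as
follows:

$$[a_i] = (u, v) \mapsto (a_i u,\ a_i v)$$

$$[k_{i+1}] = (u, v) \mapsto (\psi_{i+1}(u),\ v)$$

$$[\bullet] = (u, v) \mapsto (u,\ \bullet v)$$

$$[\circ] = (u, v) \mapsto (u,\ \circ v)$$

$$[|] = (u, v) \mapsto (u,\ |v)$$

$(\Sigma \cup \{k_i, i > 0\})^* \times (\Sigma \cup \{\circ, \bullet, |\})^*$ is ordered by the left-to-right lexicographic
combination of $\prec_{rpo}$ and $\prec_{\mathcal{S}}$. We finally define $\prec$ by

$$u \prec v \iff [u]\ \mathrm{lex}(\prec_{rpo}, \prec_{\mathcal{S}})\ [v].$$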
Lemma 3.

(i) $\prec$ has the sub-term property,

(ii) $\prec$ is monotone,

(iii) for all $i \in \mathbb{N}$, for all $l \to r \in \mathcal{R}_i$, for all $w \in \Sigma^*$, $lw \succ rw$.

Proof. (i) and (ii) are consequences of lemma 1 (iv), (v). We establish (iii):
we examine each rule of $\mathcal{R}_0$ and $\mathcal{R}_{i+1}$ and verify that it reduces under the
interpretation $[\ ]$ with the ordering $\prec$. Let $w \in \Sigma^*$ and $(u, v) = [w]$.

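For $\mathcal{R}_0$:

$$\begin{array}{ll}
(0,1): & (a_0 u,\ a_0 v) \succ (u,\ \circ v),\\
(0,2): & (u,\ \circ v) \succ (u,\ \bullet | v),\\
(0,3): & (u,\ \bullet | v) \succ (u,\ | \bullet \bullet v),\\
(0,4): & (u,\ | \circ v) \succ (u,\ \circ | v),\\
(0,5): & (u,\ \bullet v) \succ (u,\ v).
\end{array}$$

For $\mathcal{R}_{i+1}$:

$$\begin{array}{ll}
(i+1,1): & (a_{i+1} a_0 u,\ \bullet a_{i+1} a_0 v) \succ (\psi_{i+1}(a_{i+1} u),\ a_{i+1} v),\\
(i+1,2): & (a_{i+1} u,\ \bullet a_{i+1} v) \succ (a_{i+1} u,\ a_{i+1} \bullet v),\\
(i+1,3): & (\psi_{i+1}(u),\ \bullet v) \succ (\psi_{i+1}(a_i u),\ a_i v),\\
(i+1,4): & (a_{i+1} u,\ a_{i+1} \circ v) \succ (a_{i+1} u,\ \circ a_{i+1} v),\\
(i+1,5): & (\psi_{i+1}(u),\ v) \succ (u,\ \circ v),\\
(i+1,6): & (a_{i+1} u,\ \bullet a_{i+1} v) \succ (\psi_{i+1}(u),\ v).
\end{array}$$

(See lemma 1 (i), (ii), (iii)) □ 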



Proposition 7. For all $i \in \mathbb{N}$, $\mathcal{R}_i$ is totally terminating.

Proof. Consequence of lemma 3 and proposition 1. □ 

5 Conclusion: What about Term Rewriting Systems? 

We have encoded the maximal order type of the division ordering $\trianglelefteq$ by strings 
equipped with the recursive path ordering. Here is the key point of the construc- 
tion. Then it is easy to simulate the Hardy hierarchy for this notation system. 
We believe that this approach would apply to term rewriting systems, using the 
lexicographic path ordering on terms instead of the recursive path ordering on 
strings: the order type of the lexicographic path ordering reaches the maximal 
order type of the homeomorphic embedding of Kruskal’s theorem. 
Abstract. The main contribution of this paper is a new method for 
combining decision procedures for the word problem in equational the- 
ories sharing “constructors.” The notion of constructors adopted in this 
paper has a nice algebraic definition and is more general than a related 
notion introduced in previous work on the combination problem. 



1 Introduction 

The integration of constraint solvers (that is, specialized decision procedures 
for restricted classes of problems) into general purpose deductive systems (such 
as Knuth-Bendix completion procedures, resolution-based theorem provers, or 
Logic Programming systems) aims at combining the efficiency of the special- 
ized method with the universality of the general one. Many applications of the 
constraint-based systems obtained by such an integration require a combina- 
tion of more than one constraint language, and thus a solver for the resulting 
mixed constraints. The development of general combination methods for con- 
straint solvers tries to avoid the necessity of designing a new specialized decision 
procedure for each new combination of constraint languages. 

For equational theories, one is usually interested in solvers for the following 
decision problems: the word problem, the matching problem, and the unifica- 
tion problem. In this setting, the research on combination of constraint solvers 
is mainly concerned with finding conditions under which the following question 
can be answered affirmatively: given two equational theories $E_1$ and $E_2$ with
decidable word/matching/unification problems, is the word/matching/unification
problem for $E_1 \cup E_2$ also decidable? 

A very effective (but also rather strong) restriction is to require that $E_1$ and
$E_2$ be equational theories over disjoint signatures. Under this restriction,
decision procedures for the word problems in $E_1$ and $E_2$ can always be combined
into a decision procedure for the word problem in $E_1 \cup E_2$. For
the matching and the unification problem, there also exist very general
combination results under the disjointness restriction (see for matching, and, e.g., 

* Partially supported by the EC Working Group CCL II. 



P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 175-^^| 1999. 
© Springer-Verlag Berlin Heidelberg 1999 



176 



F. Baader, C. Tinelli 



for unification). It is not hard to extend these results to theories sharing
constant symbols. The only work we are aware of that presents a general
combination approach for the union of equational theories having more than
constant symbols in common is Q, where the problem of combining algorithms for
the unification, matching, and word problem is investigated for theories sharing
so-called “constructors.” 

In this paper, we restrict our attention to the word problem. The combination 
result we obtain improves on the corresponding result in Q in the following 
respects. Firstly, we introduce a notion of constructors, modeled after the one 
introduced in which is strictly more general than the one in Q. Whereas 
y does not allow for nontrivial identities between constructor terms, we only 
require the constructor theory to be collapse-free. Secondly, the definition of 
constructors in ^ depends strongly on technical details such as the choice of an 
appropriate well-founded and monotonic ordering. In contrast, our definition uses 
only abstract algebraic properties. Finally, the combination procedure described
in B, like the ones for the disjoint case directly transforms the terms
for which the word problem is to be decided, by applying collapse equations¹
and abstracting alien subterms. This transformation process must be carried on 
with a rather strict strategy (in principle, going from the leaves of the terms to 
their roots) and it is not easy to describe. In contrast, our procedure extends the 
rule-based combination procedure for the word problem introduced in ^ for the 
case of shared constants. It works on a set of equations rather than terms, and 
its transformation rules can be applied in arbitrary order, that is, no strategy is 
needed. We claim that this difference makes the method more flexible and easier 
to describe and comprehend. 

The next section introduces the word problem and describes a reduction of 
the word problem in the union of equational theories to satisfiability of a conjunc- 
tion of two pure formulae. Before we can describe our combination procedure, 
we must introduce our notion of constructors (Section 3). Section 3 also contains 
some results concerning the union of theories sharing constructors. In Section | 
we describe the new combination procedure for theories sharing constructors, 
and prove its correctness. Section ^investigates the connection between our no- 
tion of constructors and the one introduced in Q, and includes some remarks on 
how this work relates to the research on modularity properties of term rewriting 
systems. Because of the page limit, we cannot give detailed proofs of our results. 
They can be found in Q. 



2 Word Problems and Satisfiability Problems 

We will use $V$ to denote a countably infinite set of variables, and $T(\Omega, V)$ to
denote the set of all $\Omega$-terms, that is, terms over the signature $\Omega$ with variables in
$V$. An equational theory $E$ over the signature $\Omega$ is a set of (implicitly universally
quantified) equations between $\Omega$-terms. We use $s = t$ to denote an equation 

¹ i.e., equations of the form $x = t$, where $x$ is a variable occurring in the non-variable
term $t$. 
between the terms $s$, $t$. For an equational theory $E$, the word problem is concerned
with the validity in $E$ of quantifier-free formulae of the form $s = t$. Equivalently,
the word problem asks for the (un)satisfiability of the disequation $s \neq t$ in $E$,
where $s \neq t$ is an abbreviation for the formula $\neg(s = t)$. As usual, we often write
“$s =_E t$” to express that the formula $s = t$ is valid in $E$. An equational theory
$E$ is collapse-free iff $x \neq_E t$ for all variables $x$ and non-variable terms $t$. 

Given an $\Omega$-term $s$, an $\Omega$-algebra $\mathcal{A}$, and a valuation $\alpha$ (of the variables in $s$
by elements of $\mathcal{A}$), we denote by $[\![s]\!]_\alpha$ the interpretation of the term $s$ in $\mathcal{A}$ under
the valuation $\alpha$. Also, if $\Sigma$ is a subsignature of $\Omega$, we denote by $\mathcal{A}^\Sigma$ the reduct
of $\mathcal{A}$ to the subsignature $\Sigma$. An $\Omega$-algebra $\mathcal{A}$ is a model of $E$ iff every equation
in $E$ is valid in $\mathcal{A}$. The equational theory $E$ over the signature $\Omega$ defines an
$\Omega$-variety, i.e., the class of all models of $E$. When $E$ is non-trivial, i.e., has models
of cardinality greater than 1, this variety contains free algebras for any set of
generators. We will call these algebras $E$-free algebras. Given a set of generators
(or variables) $X$, an $E$-free algebra with generators $X$ can be obtained as the
quotient term algebra $T(\Omega, X)/{=_E}$. It is well-known that two $E$-free algebras
with sets of generators of the same cardinality are isomorphic. 

In this paper, we are interested in combined equational theories, that is,
equational theories $E$ of the form $E := E_1 \cup E_2$, where $E_1$ and $E_2$ are equational
theories over two (not necessarily disjoint) signatures $\Sigma_1$ and $\Sigma_2$. The elements
of $\Sigma_1 \cap \Sigma_2$ are called shared symbols. We call 1-symbols the elements of $\Sigma_1$ and
2-symbols the elements of $\Sigma_2$. A term $t \in T(\Sigma_1 \cup \Sigma_2, V)$ is an $i$-term iff its top
symbol $t(\epsilon) \in V \cup \Sigma_i$, i.e., if $t$ is a variable or has the form $t = f(t_1, \dots, t_n)$ for
some $i$-symbol $f$ ($i = 1, 2$). Note that variables and terms $t$ with $t(\epsilon) \in \Sigma_1 \cap \Sigma_2$
are both 1- and 2-terms. A subterm $s$ of a 1-term $t$ is an alien subterm of $t$ iff it
is not a 1-term and every proper superterm of $s$ in $t$ is a 1-term. Alien subterms
of 2-terms are defined analogously. For $i = 1, 2$, an $i$-term $s$ is pure iff it contains
only $i$-symbols and variables. A (dis)equation $s = t$ ($s \neq t$) is $i$-pure iff $s$ and $t$
are pure $i$-terms. It is called pure iff it is $i$-pure for some $i \in \{1, 2\}$. 

A given disequation $s \neq t$ between $(\Sigma_1 \cup \Sigma_2)$-terms $s, t$ can be transformed
into an equisatisfiable formula $\varphi_1 \wedge \varphi_2$, where $\varphi_i$ is a conjunction of $i$-pure
equations and disequations ($i = 1, 2$). This can be achieved by the usual variable
abstraction process in which alien subterms are replaced by new variables (see,
e.g., BD for a detailed description of the process). Obviously, if we know that
$\varphi_1 \wedge \varphi_2$ is satisfiable in a model $\mathcal{A}$ of $E_1 \cup E_2$, then $\varphi_i$ is satisfiable in the
reduct $\mathcal{A}^{\Sigma_i}$, which is a model of $E_i$ ($i = 1, 2$). However, the converse need not
be true, that is, if $\varphi_i$ is satisfiable in a model $\mathcal{A}_i$ of $E_i$ ($i = 1, 2$), then we cannot
necessarily deduce that the conjunction $\varphi_1 \wedge \varphi_2$ is satisfiable in some model $\mathcal{A}$
of $E_1 \cup E_2$. One case in which we can is described by the proposition below. 



Proposition 1. Let $\mathcal{A}_i$ be a model of $E_i$ ($i = 1, 2$), and $\Sigma := \Sigma_1 \cap \Sigma_2$. Assume
that the reducts $\mathcal{A}_1^\Sigma$ and $\mathcal{A}_2^\Sigma$ are both free in the same $\Sigma$-variety and their
respective sets of generators $Y_1$ and $Y_2$ have the same cardinality. If $\varphi_i$ is
satisfiable in $\mathcal{A}_i$ with the variables in $Var(\varphi_1) \cap Var(\varphi_2)$ taking distinct values over
$Y_i$ for $i = 1, 2$, then there is a model of $E_1 \cup E_2$ in which $\varphi_1 \wedge \varphi_2$ is satisfiable. 
This proposition is a special case of more general results in A simpler direct 
proof in the special case can also be found in Q. 
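The variable abstraction step that turns $s \neq t$ into $\varphi_1 \wedge \varphi_2$, as an added Python example that is not the paper's own procedure. The term encoding, the function names, the fresh-variable prefix `_x` and the sample signatures are assumptions made for the illustration.

```python
"""Variable abstraction (purification) of a disequation s != t.

Assumed encoding (not from the paper): a variable is a str, an application
f(t1, ..., tn) is the tuple (f, t1, ..., tn), and a constant c is ("c",).
"""
from itertools import count


def variables(term):
    """Set of variables occurring in a term."""
    if isinstance(term, str):
        return {term}
    return set().union(*(variables(a) for a in term[1:]))


def is_pure(term, sig):
    """True iff the term contains only symbols of `sig` and variables."""
    if isinstance(term, str):
        return True
    return term[0] in sig and all(is_pure(a, sig) for a in term[1:])


def purify(s, t, sig1, sig2):
    """Return (phi1, phi2), lists of (op, lhs, rhs) with op in {"=", "!="}.

    phi_i only contains i-pure terms; phi1 and phi2 together are
    equisatisfiable with s != t.
    """
    sigs = {1: set(sig1), 2: set(sig2)}
    used = variables(s) | variables(t)
    fresh = (v for v in (f"_x{k}" for k in count()) if v not in used)
    phi = {1: [], 2: []}

    def abstract(term, i):
        """Pure i-term for `term`; alien subterms become fresh variables."""
        if isinstance(term, str):
            return term
        f, args = term[0], term[1:]
        if f in sigs[i]:
            # An i-term (shared symbols included): keep f, descend.
            return (f,) + tuple(abstract(a, i) for a in args)
        j = 3 - i
        if f not in sigs[j]:
            raise ValueError(f"symbol {f!r} is in neither signature")
        # Alien subterm: name it with a new variable, define it in phi_j.
        x = next(fresh)
        phi[j].append(("=", x, abstract(term, j)))
        return x

    # Work in a theory in which s is an i-term (theory 1 if both fit).
    i = 1 if isinstance(s, str) or s[0] in sigs[1] else 2
    lhs = abstract(s, i)
    rhs = abstract(t, i)
    phi[i].append(("!=", lhs, rhs))
    return phi[1], phi[2]


def unfold(term, phi1, phi2):
    """Substitute the defining equations back, undoing the abstraction."""
    defs = {l: r for op, l, r in phi1 + phi2 if op == "="}
    if isinstance(term, str):
        return unfold(defs[term], phi1, phi2) if term in defs else term
    return (term[0],) + tuple(unfold(a, phi1, phi2) for a in term[1:])


# Constructed sample: f is a 1-symbol, g a 2-symbol, c a shared constant.
SIG1, SIG2 = {"f", "c"}, {"g", "c"}
S = ("f", ("g", "x"), ("c",))      # f(g(x), c)
T = ("g", ("f", ("c",)))           # g(f(c))

if __name__ == "__main__":
    phi1, phi2 = purify(S, T, SIG1, SIG2)
    print("phi1:", phi1)
    print("phi2:", phi2)
```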

In the following, we will consider the case where the algebras $\mathcal{A}_i$ are $E_i$-free.
Unfortunately, the property of being a free algebra is not preserved under
signature reduction. The problem is that the reduct of an algebra may need
more generators than the algebra itself. For example, consider the signature
$\Omega := \{p, s\}$ and the equational theory $E$ axiomatized by the equations

$$E := \{x = p(s(x)),\ x = s(p(x))\}.$$

The integers $\mathbb{Z}$ are a free model of $E$ over a set of generators of cardinality
1 when $s$ and $p$ are interpreted as the successor and the predecessor function,
respectively. Now, if $\Sigma := \{s\}$, then $\mathbb{Z}^\Sigma$ is definitely not free because it does not
even admit a non-redundant set of generators, which is a necessary condition for
an algebra to be free. 

Nonetheless, there are free algebras admitting reducts that are also free, 
although over a possibly larger set of generators. These algebras are models of 
equational theories that admit constructors in the sense explained in the next 
section. 



3 Theories Admitting Constructors 

In the following, $\Omega$ will be an at most countably infinite functional signature,
and $\Sigma$ a subset of $\Omega$. For a given equational theory $E$ over $\Omega$ we define the
$\Sigma$-restriction of $E$ as $E^\Sigma := \{s = t \mid s, t \in T(\Sigma, V) \text{ and } s =_E t\}$.

Definition 2 (Constructors). The subsignature $\Sigma$ of $\Omega$ is a set of
constructors for $E$ if the following two properties hold:

1. The $\Sigma$-reduct of the countably infinitely generated $E$-free $\Omega$-algebra is an
$E^\Sigma$-free algebra.

2. $E^\Sigma$ is collapse-free.

This definition is a rather abstract formulation of our requirements on the theory
$E$. In the following, we develop a more concrete characterization² of theories
admitting constructors, which will make it easier to show that a given theory
admits constructors. But first, we must introduce some more notation. 

Given a subset $G$ of $T(\Omega, V)$, we denote by $T(\Sigma, G)$ the set of terms over
the “variables” $G$. To express this construction we will denote any such term by
$s(\bar{r})$ where $\bar{r}$ is the tuple made of the terms of $G$ that replace the variables of $s$.
Notice that this notation is consistent with the fact that $G \subseteq T(\Sigma, G)$. In fact,
every $r \in G$ can be represented as $s(r)$ where $s$ is a variable of $V$. Also notice
that $T(\Sigma, V) \subseteq T(\Sigma, G)$ whenever $V \subseteq G$. In this case, every $s \in T(\Sigma, V)$ can
be trivially represented as $s(\bar{v})$ where $\bar{v}$ are the variables of $s$.

² This characterization of constructors is a special case of the definition of constructors
in ^3. 
For every equational theory $E$ over the signature $\Omega$ and every subset $\Sigma$ of
$\Omega$, we define the following subset of $T(\Omega, V)$:

$$G_E(\Sigma, V) := \{r \in T(\Omega, V) \mid r \neq_E f(\bar{t}) \text{ for all } f \in \Sigma \text{ and } \bar{t} \text{ in } T(\Omega, V)\}.$$

We will show that, if $\Sigma$ is a set of constructors for $E$, then $G_E(\Sigma, V)$ determines
a set of free generators for the $\Sigma$-reduct of the countably infinitely generated
$E$-free algebra. But first, let us point out the following properties of $G_E(\Sigma, V)$: 

Lemma 3. Let $E$ be an equational theory over $\Omega$ and $\Sigma \subseteq \Omega$.

1. $G_E(\Sigma, V)$ is nonempty iff $V \subseteq G_E(\Sigma, V)$;

2. If $V \subseteq G_E(\Sigma, V)$, then $E^\Sigma$ is collapse-free. 

Theorem 4 (Characterization of constructors). Let E C il, E a non- 
trivial equational theory over fl, and G := Ge{E,V). Then E is a set of con- 
structors for E iff the following holds: 

1. VCG. 

2. For all t G T{fl,V), there is an s(r) G T{E,G) such that t =e s{r). 

3. For all si{fi),S 2 {r 2 ) f T{E,G), 

Sl(fi) =E 52(7=2) iffsi{vi) =E S 2 (U 2 ), 

where v \ , v^ are fresh variables abstracting ri , f 2 so that two terms in fi , f2 
are abstracted by the same variable iff they are equivalent in E. 

Actually, the proof of the theorem — which can be found in Q — provides a little 
more information than stated in the formulation of the theorem. 

Corollary 5. Let $\Sigma$ be a set of constructors for $E$, $\mathcal{A}$ an $E$-free $\Omega$-algebra
with the countably infinite set of generators $X$, and $\alpha$ a bijective valuation of
$V$ onto $X$. Then, the reduct is an $E^{\Sigma}$-free algebra with generators
$Y := \{[\![r]\!]^{\mathcal{A}}_{\alpha} \mid r \in G_E(\Sigma, V)\}$, and $X \subseteq Y$.

Condition 2 of Theorem 4 says that, when $\Sigma$ is a set of constructors for
$E$, every $\Omega$-term $t$ is equivalent in $E$ to a term $s(\bar{r}) \in T(\Sigma, G)$ where
$G := G_E(\Sigma, V)$. We will call $s(\bar{r})$ a normal form of $t$ in $E$; in general, a term may
have more than one normal form. We will say that a term $t$ is in normal form
if it is already of the form $t = s(\bar{r}) \in T(\Sigma, G)$. Because $V \subseteq G$, it is immediate
that $\Sigma$-terms are in normal form, as are terms in $G$. We will say that a term $t$
is $E$-reducible if it is not in normal form. Otherwise, it is $E$-irreducible.

We will make use of normal forms in our combination procedure. In particular,
we will consider normal forms that are computable in the following sense.

Definition 6 (Computable Normal Forms). Let $\Sigma$ be a set of constructors
for the equational theory $E$ over the signature $\Omega$. We say that normal forms are
computable for $\Sigma$ and $E$ if there is a computable function

$\mathrm{NF}^{\Sigma}_{E} : T(\Omega, V) \to T(\Sigma, G)$

such that $\mathrm{NF}^{\Sigma}_{E}(t)$ is a normal form of $t$, i.e., $\mathrm{NF}^{\Sigma}_{E}(t) =_E t$.
Notice that Definition 6 does not entail that the variables of $\mathrm{NF}^{\Sigma}_{E}(t)$ are included
in the variables of $t$. However, if $V_0 := Var(\mathrm{NF}^{\Sigma}_{E}(t)) \setminus Var(t)$ is nonempty, then
$\pi(\mathrm{NF}^{\Sigma}_{E}(t))$ is also a normal form of $t$ for any injective renaming $\pi$ of the variables
in $V_0$. Consequently, if $V_1$ is a given finite subset of $V$, we can always assume
without loss of generality that $Var(\mathrm{NF}^{\Sigma}_{E}(t)) \setminus Var(t)$ and $V_1$ are disjoint. As a
rule then we will always assume that the variables occurring in a normal form
$\mathrm{NF}^{\Sigma}_{E}(t)$ but not in $t$, if any, are fresh variables.

An important consequence of Definition 6 is that, when normal forms are
computable for $\Sigma$ and $E$, it is always possible to tell whether a term is in normal
form or not.

Proposition 7. Let $\Sigma$ be a set of constructors for the equational theory $E$ over
the signature $\Omega$ and assume that normal forms are computable for $\Sigma$ and $E$.
Then, the $E$-reducibility of terms in $T(\Omega, V)$ is decidable.

We provide below two examples of equational theories admitting constructors
in the sense of Definition 2. But first, let us consider some counter-examples:

- The signature $\Sigma := \Omega := \{f\}$ is not a set of constructors for the theory $E$
axiomatized by $\{x = f(x)\}$ because Definition 2(2) is not satisfied.

- The signature $\Sigma := \{f\} \subseteq \{f, g\} =: \Omega$ is not a set of constructors for the
theory $E$ axiomatized by $\{g(x) = f(g(x))\}$ because Theorem 4(2) is not
satisfied. In fact, the term $g(x)$ does not have a normal form. (The signature
$\{f, g\}$, however, is a set of constructors for the same theory.)

- Finally, take $\Omega := \{f, g\}$ and $\Sigma := \{f\}$ and consider the theory
$E := \{f(g(x)) = f(f(g(x)))\}$. Then we have $G_E(\Sigma, V) = V \cup \{g(t) \mid t \in T(\Omega, V)\}$.
It is easy to see that conditions 1 and 2 of Theorem 4 hold. However,
condition 3 does not hold since $f(g(x)) =_E f(f(g(x)))$, although
$f(y) \neq_E f(f(y))$.



Example 8. The theory of the natural numbers with addition is the most immediate
example of a theory with constructors. Consider the signature $\Sigma_1 := \{0, s, +\}$
and the equational theory $E_1$ axiomatized by the equations below:

$x + (y + z) = (x + y) + z$, $x + y = y + x$, $x + s(y) = s(x + y)$, $x + 0 = x$.

It can be shown that the signature $\Sigma := \{0, s\}$ is a set of constructors for $E_1$ in
the sense of Definition 2. The proof in Q uses the fact that orienting the third
and fourth equation from left to right yields a canonical term rewrite system
modulo the first two equations. Note that the restriction of $E_1$ to $\Sigma$ (i.e., the
theory $E_1^{\Sigma}$) is the syntactic equality of $\Sigma$-terms.



^ Otherwise, we apply an appropriate renaming that produces a normal form of t 
satisfying such disjointness condition. 
Example 9. Consider the signature $\Sigma_2 := \{0, 1, \mathrm{rev}, \cdot\}$ and the equational theory
$E_2$ axiomatized by the equations below:

$x \cdot (y \cdot z) = (x \cdot y) \cdot z$, $\mathrm{rev}(0) = 0$, $\mathrm{rev}(1) = 1$,

$\mathrm{rev}(x \cdot y) = \mathrm{rev}(y) \cdot \mathrm{rev}(x)$, $\mathrm{rev}(\mathrm{rev}(x)) = x$.

The signature $\Sigma' := \{0, 1, \cdot\}$ is a set of constructors for $E_2$ in the sense of
Definition 2. The proof in Q depends on the fact that orienting the equations
from left to right yields a canonical term rewriting system. This example differs
from the previous one in that the restriction of the theory to the constructor
signature is no longer syntactic equality: $E_2^{\Sigma'}$ expresses associativity of
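
Added example (not from the paper): a Python sketch of computable normal forms (Definition 6) and the resulting reducibility test (Proposition 7) for Example 9. It assumes that the rewrite normal form obtained by orienting the equations of $E_2$ left to right serves as NF, and that a term lies in $G$ exactly when that rewrite normal form does not start with a constructor; the tuple encoding of terms and all function names are illustrative.

```python
SIGMA = {"0", "1", "*"}            # constructor signature of Example 9
ZERO, ONE = ("0",), ("1",)

def var(name):
    return ("var", name)

def is_var(t):
    return t[0] == "var"

def rev(t):
    return ("rev", t)

def mul(s, t):
    return ("*", s, t)

def rewrite_root(t):
    """One step at the root with the equations of E2 oriented left to right."""
    if t[0] == "rev":
        a = t[1]
        if a in (ZERO, ONE):
            return a                               # rev(0) -> 0, rev(1) -> 1
        if a[0] == "*":
            return mul(rev(a[2]), rev(a[1]))       # rev(x*y) -> rev(y)*rev(x)
        if a[0] == "rev":
            return a[1]                            # rev(rev(x)) -> x
    if t[0] == "*" and t[2][0] == "*":
        return mul(mul(t[1], t[2][1]), t[2][2])    # x*(y*z) -> (x*y)*z
    return None

def normalize(t):
    """Innermost normalization; terminates because the system is canonical."""
    if not is_var(t):
        t = (t[0],) + tuple(normalize(a) for a in t[1:])
    step = rewrite_root(t)
    return t if step is None else normalize(step)

def in_G(t):
    """Assumed membership test for G: the normal form has no constructor on top."""
    return normalize(t)[0] not in SIGMA

def is_irreducible(t):
    """t is 'in normal form' if it is a constructor context filled with G-terms."""
    if t[0] in SIGMA:
        return all(is_irreducible(a) for a in t[1:])
    return in_G(t)

def split(t):
    """Write an irreducible t as s(r): s over fresh v0, v1, ... and the tuple r.

    E2-equivalent G-terms share one variable, as in condition 3 of Theorem 4.
    """
    gens = []
    def walk(u):
        if u[0] in SIGMA:
            return (u[0],) + tuple(walk(a) for a in u[1:])
        n = normalize(u)
        if n not in gens:
            gens.append(n)
        return var("v%d" % gens.index(n))
    return walk(t), tuple(gens)
```

Note that `mul(x, rev(rev(y)))` counts as irreducible although a rewrite rule still applies to it: being in normal form only requires the non-constructor parts to lie in $G$.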

Combination of Theories Sharing Constructors 

For the next results, in which we go back to the problem of combining equational
theories, we will consider two non-trivial equational theories $E_1, E_2$ with
respective countable signatures $\Sigma_1, \Sigma_2$ such that $\Sigma := \Sigma_1 \cap \Sigma_2$ is a set of constructors
for $E_1$ and for $E_2$, and $E_1^{\Sigma} = E_2^{\Sigma}$.

The proposition below — which is important in the proof of correctness of our 
combination procedure — is an easy consequence of Propositionjand Corollary^ 

Proposition 10. For $i = 1, 2$, let $\mathcal{A}_i$ be an $E_i$-free $\Sigma_i$-algebra with a countably
infinite set $X_i$ of generators, and let $Y_i := \{\ \mid r \in G_{E_i}(\Sigma, V)\}$, where
is any bijective valuation of $V$ onto $X_i$. Let $\varphi_1, \varphi_2$ be conjunctions of equations
and disequations of respective signature $\Sigma_1, \Sigma_2$. If $\varphi_i$ is satisfiable in $\mathcal{A}_i$ with
$Var(\varphi_1) \cap Var(\varphi_2)$ taking distinct values over $Y_i$ for $i = 1, 2$, then $\varphi_1 \wedge \varphi_2$ is
satisfiable in $E_1 \cup E_2$.

The following theorem shows that being a set of constructors is a modular 
property. Thus, the application of the combination procedure described in the 
next section can be iterated. 

Theorem 11. Let $E_1, E_2$ be two non-trivial equational theories with respective
signatures $\Sigma_1, \Sigma_2$ such that $\Sigma := \Sigma_1 \cap \Sigma_2$ is a set of constructors for $E_1$ and
for $E_2$, $E_1^{\Sigma} = E_2^{\Sigma}$, the word problem for $E_i$ is decidable, and normal forms are
computable for $\Sigma$ and $E_i$ for $i = 1, 2$. Then, the following holds:

1. $\Sigma$ is a set of constructors for $E := E_1 \cup E_2$.

2. $E^{\Sigma} = E_1^{\Sigma} = E_2^{\Sigma}$.

3. Normal forms are computable for $\Sigma$ and $E$.

The (quite involved) proof in Q shows that the three conditions in Theorem 4
are satisfied. It depends on an appropriate characterization of $G_E(\Sigma, V)$. Modulo
$E$, this set is identical to the set $G'$ defined below.

Definition 12. For $i = 1, 2$, let $G_i := G_{E_i}(\Sigma, V)$. The set $G'$ is inductively
defined as follows:

1. Every variable is an element of $G'$, that is, $V \subseteq G'$.

2. Assume that $r(\bar{v}) \in G_i$ for $i \in \{1, 2\}$ and $\bar{r}$ is a tuple of elements of $G'$ such
that the following conditions are satisfied:

(a) $r(\bar{v}) \neq_E v$ for all variables $v \in V$;

(b) $r_k(\epsilon) \notin \Sigma_i$ for all components $r_k$ of $\bar{r}$;

(c) the tuple $\bar{v}$ consists of all variables of $r$ without repetitions;

(d) the tuples $\bar{v}$ and $\bar{r}$ have the same length;

(e) $r_k \neq_E r_l$ if $r_k, r_l$ occur at different positions in the tuple $\bar{r}$.

Then $r(\bar{r}) \in G'$.

Notice that $G_i \subseteq G'$ for $i = 1, 2$ because the components of $\bar{r}$ above can also be
variables. Also notice that no element $r$ of $G'$ can have a shared symbol as top
symbol since $r$ is either a variable or a term "starting" with an element of $G_i$.



4 A Combination Procedure for the Word Problem 

In this section, we will present a combination procedure that allows us to derive 
the following decidability result for the word problem in the union of equational 
theories sharing constructors: 

Theorem 13. Let $E_1, E_2$ be two non-trivial equational theories of signature $\Sigma_1$,
$\Sigma_2$, respectively, such that $\Sigma := \Sigma_1 \cap \Sigma_2$ is a set of constructors for both $E_1$ and
$E_2$, and $E_1^{\Sigma} = E_2^{\Sigma}$. If for $i = 1, 2$,

- normal forms are computable for $\Sigma$ and $E_i$, and

- the word problem in $E_i$ is decidable,

then the word problem in $E_1 \cup E_2$ is also decidable.

From Theorem 11 it follows that, given the right conditions, the combination
procedure applies immediately by recursion to more than two theories:

Corollary 14. Let $\Sigma$ be a signature and $E_1, \ldots, E_n$ be $n$ equational theories of
signature $\Sigma_1, \ldots, \Sigma_n$, respectively, such that $\Sigma = \Sigma_i \cap \Sigma_j$ and $E_i^{\Sigma} = E_j^{\Sigma}$ for
all distinct $i, j \in \{1, \ldots, n\}$. Also, assume that $\Sigma$ is a set of constructors for
every $E_i$. If for all $i \in \{1, \ldots, n\}$,

- normal forms are computable for $\Sigma$ and $E_i$, and

- the word problem in $E_i$ is decidable,

then the word problem in $E_1 \cup \cdots \cup E_n$ is decidable and normal forms are
computable for $\Sigma$ and $E_1 \cup \cdots \cup E_n$.

As shown in Section J the word problem for $E := E_1 \cup E_2$ can be reduced to
the satisfiability problem for disequations of the form $s_0 \neq t_0$, where $s_0$ and $t_0$ are
$(\Sigma_1 \cup \Sigma_2)$-terms. By variable abstraction, this disequation can be transformed
into an equisatisfiable formula $\varphi_1 \wedge \varphi_2$, where $\varphi_i$ is a conjunction of $i$-pure
equations and disequations ($i = 1, 2$). We will use finite sets of (dis)equations
in place of conjunctions of such formulae, and say that a set of (dis)equations
is satisfiable in a theory iff the conjunction of its elements is satisfiable in that
theory. It turns out that the finite set of (dis)equations obtained by applying
variable abstraction is what we call an abstraction system. Before we can define
this notion, we must introduce some notation.

Let $x, y \in V$ and $T$ be a set of equations of the form $v = t$ where $v \in V$
and $t \in T(\Sigma_1 \cup \Sigma_2, V) \setminus V$. The relation $\prec$ is the smallest binary relation on
$\{x \neq y\} \cup T$ such that, for all $u = s, v = t \in T$,

$(x \neq y) \prec (v = t)$ iff $v \in \{x, y\}$,

$(u = s) \prec (v = t)$ iff $v \in Var(s)$.

By $\prec^{+}$ we denote the transitive and by $\prec^{*}$ the reflexive-transitive closure
of $\prec$. The relation $\prec$ is acyclic if there is no equation $v = t$ in $T$ such that
$(v = t) \prec^{+} (v = t)$.

Definition 15 (Abstraction System). The set $S := \{x \neq y\} \cup T$ is an
abstraction system with initial formula $x \neq y$ iff $x, y \in V$ and the following holds:

1. $T$ is a finite set of equations of the form $v = t$ where $v \in V$ and
$t \in (T(\Sigma_1, V) \cup T(\Sigma_2, V)) \setminus V$;

2. the relation $\prec$ on $S$ is acyclic;

3. for all $(u = s), (v = t) \in T$,

(a) if $u = v$ then $s = t$;

(b) if $(u = s) \prec (v = t)$ and $s \in T(\Sigma_i, V)$ with $i \in \{1, 2\}$ then $t(\epsilon) \notin \Sigma_i$.

Condition 1 above states that $T$ consists of equations between variables and
pure non-variable terms; Condition 2 implies that for all $(u = s), (v = t) \in T$,
if $(u = s) \prec^{*} (v = t)$ then $u \notin Var(t)$; Condition 3a implies that a variable
cannot occur as the left-hand side of more than one equation of $T$; Condition 3b
implies, together with Condition 1, that the elements of every $\prec$-chain of $T$
have strictly alternating signatures $(\ldots, \Sigma_1, \Sigma_2, \Sigma_1, \Sigma_2, \ldots)$.

Every abstraction system $S$ induces a finite graph $\mathcal{G}_S := (S, \prec)$ whose set of
nodes is $S$ and whose set of edges consists of all pairs $(n_1, n_2) \in S \times S$ such that
$n_1 \prec n_2$. According to Definition 15, $\mathcal{G}_S$ is in fact a directed acyclic graph (or
dag). Assuming the standard definition of path between two nodes and of length
of a path in a dag, the height $h(n)$ of the node $n$ is the maximum of the lengths
of all the paths in the dag that end with $n$.

We say that an equation of an abstraction system $S$ is reducible iff its right-hand
side is $E_i$-reducible (i.e., not in normal form) for $i = 1$ or $i = 2$. The
disequation in $S$ is always irreducible. In the previous section, we would have
represented the normal form of a term in $T(\Sigma_i, V)$ ($i = 1, 2$) as $s(\bar{q})$ where $s$
was a term in $T(\Sigma, V)$ and $\bar{q}$ a tuple of terms in $G_{E_i}(\Sigma, V)$. Considering that
$G_{E_i}(\Sigma, V)$ contains $V$ because of the assumption that $\Sigma$ is a set of constructors,
we will now use a more descriptive notation. We will distinguish the variables
in $\bar{q}$ from the non-variable terms and write $s(\bar{y}, \bar{r})$ instead, where $\bar{y}$ collects the
elements of $\bar{q}$ that are in $V$ and $\bar{r}$ those that are in $G_{E_i}(\Sigma, V) \setminus V$.

Since $\mathcal{G}_S$ is acyclic and finite, this maximum exists.






F. Baader, C. Tinelli 



Input: $(s_0, t_0) \in T(\Sigma_1 \cup \Sigma_2, V) \times T(\Sigma_1 \cup \Sigma_2, V)$.

1. Let $S$ be the abstraction system obtained by applying variable abstraction to
$s_0 \neq t_0$.

2. Repeatedly apply (in any order) Coll1, Coll2, Ident, Simpl, Shar1, Shar2 to
$S$ until none of them is applicable.

3. Succeed if $S$ has the form $\{v \neq v\} \cup T$ and fail otherwise.



Fig. 1. The Combination Procedure. 



The combination procedure described in Fig. 1 decides the word problem for
the theory $E := E_1 \cup E_2$ by deciding the satisfiability in $E$ of disequations of
the form $s_0 \neq t_0$ where $s_0, t_0$ are $(\Sigma_1 \cup \Sigma_2)$-terms. During the execution of the
procedure, the set $S$ of formulae on which the procedure works is repeatedly
modified by the application of one of the derivation rules defined in Fig. 2. We
describe these rules in the style of a sequent calculus. The premise of each rule
lists all the formulae in $S$ before the application of the rule, where $T$ stands
for all the formulae not explicitly listed. The conclusion of the rule lists all the
formulae in $S$ after the application of the rule. It is understood that any two
formulae explicitly listed in the premise of a rule are distinct.

In essence, Coll1 and Coll2 remove from $S$ collapse equations that are valid
in $E_1$ or $E_2$, while Ident identifies any two variables equated to equivalent
$\Sigma_i$-terms and then discards one of the corresponding equations. The restriction that
the height of $y = t$ be not smaller than the height of $x = s$ is there to preserve
the acyclicity of $\prec$. In these rules we have used the notation $t[y]$ to express that
the variable $y$ occurs in the term $t$, and the notation $T[x/t]$ to denote the set
of formulae obtained by substituting every occurrence of the variable $x$ by the
term $t$ in the set $T$.

Simpl eliminates those equations that have become unreachable along a 
path from the initial disequation because of the application of previous rules. 
This rule is not essential but it reduces clutter in S by eliminating equations 
that do not contribute to the solution of the problem anymore. It can be used 
to obtain optimized, complete implementations of the combination procedure. 

The main idea of Shar1 and Shar2 is to push shared symbols towards lower
positions of the $\prec$-chains they belong to so that they can be processed by other
rules. To do that the rules replace the reducible right-hand side $t$ of an equation
$x = t$ by its normal form, and then plug the "shared part" of the normal form
into all equations whose right-hand sides contain $x$. The exact formulation of
the rules is somewhat more complex since we must ensure that the resulting
system is again an abstraction system. In particular, the "alternating signature"
condition of Definition 15 must be respected.

In the description of the rules, an expression like $\bar{z} = \bar{r}$ denotes the set
$\{z_1 = r_1, \ldots, z_n = r_n\}$ where $\bar{z} = (z_1, \ldots, z_n)$ and $\bar{r} = (r_1, \ldots, r_n)$, and $s(\bar{y}, \bar{z})$
denotes the term obtained from $s(\bar{y}, \bar{r})$ by replacing the subterm $r_j$ with $z_j$ for
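Coll1

$$\frac{T \quad u \neq v \quad x = t[y] \quad y = r}{T[x/r] \quad (u \neq v)[x/y] \quad y = r}$$

if $t$ is an $i$-term and $y =_{E_i} t$ for $i = 1$ or $i = 2$.

Coll2

$$\frac{T \quad x = t[y]}{T[x/y]}$$

if $t$ is an $i$-term and $y =_{E_i} t$ for $i = 1$ or $i = 2$
and there is no $(y = r) \in T$.

Ident

$$\frac{T \quad x = s \quad y = t}{T[x/y] \quad y = t}$$

if $s, t$ are $i$-terms and $s =_{E_i} t$ for $i = 1$ or $i = 2$
and $x \neq y$ and $h(x = s) \leq h(y = t)$.

Simpl

$$\frac{T \quad x = t}{T}$$

if $x \notin Var(T)$.

Shar1

$$\frac{T \quad u \neq v \quad x = t \quad \bar{y}_1 = \bar{r}_1}{T[x/s(\bar{y}, \bar{z})[\bar{y}_1/\bar{r}_1]] \quad \bar{z} = \bar{r} \quad u \neq v \quad x = s(\bar{y}, \bar{r}) \quad \bar{y}_1 = \bar{r}_1}$$

if (a) $t$ is an $E_i$-reducible $i$-term for $i = 1$ or $i = 2$,

(b) $\mathrm{NF}^{\Sigma}_{E_i}(t) = s(\bar{y}, \bar{r}) \notin V$,

(c) $\bar{r}$ non-empty,

(d) $\bar{z}$ fresh variables with no repetitions,

(e) $\bar{r}_1$ irreducible (for both theories),

(f) $\bar{y}_1 \subseteq Var(s(\bar{y}, \bar{r}))$ and $(x = s(\bar{y}, \bar{r})) \prec (y = r)$ for no $(y = r) \in T$.

Shar2

$$\frac{T \quad u \neq v \quad x = t \quad \bar{y}_1 = \bar{r}_1}{T[x/s[\bar{y}_1/\bar{r}_1]] \quad u \neq v \quad x = s[\bar{y}_1/\bar{r}_1] \quad \bar{y}_1 = \bar{r}_1}$$

if (a) $t$ is an $E_i$-reducible $i$-term for $i = 1$ or $i = 2$,

(b) $\mathrm{NF}^{\Sigma}_{E_i}(t) = s \in T(\Sigma, V) \setminus V$,

(c) $\bar{r}_1$ irreducible (for both theories),

(d) $\bar{y}_1 \subseteq Var(s)$ and $(x = s) \prec (y = r)$ for no $(y = r) \in T$.
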

Fig. 2. The Derivation Rules. 



each $j \in \{1, \ldots, n\}$. Observe that this notation also accounts for the possibility
that $t$ reduces to a non-variable term of $G_{E_i}(\Sigma, V)$. In that case, $s$ will be a
variable, $\bar{y}$ will be empty, and $\bar{r}$ will be a tuple of length 1. Substitution
expressions containing tuples are to be interpreted accordingly; e.g., $[\bar{z}/\bar{r}]$ replaces the
variable $z_j$ by $r_j$ for each $j \in \{1, \ldots, n\}$.

In both Shar rules it is assumed that the normal form is not a variable. The
reason for this restriction is that the case where an $i$-term is equal modulo $E_i$ to
a variable is already taken care of by the rules Coll1 and Coll2. By requiring
that $\bar{r}$ be non-empty, Shar1 excludes the possibility that the normal form of the
term $t$ is a shared term. It is Shar2 that deals with this case. The reason for
a separate case is that we want to preserve the property that every $\prec$-chain is
made of equations with alternating signatures (cf. Definition 15). When the
equation $x = t$ has immediate $\prec$-successors, the replacement of $t$ by the $\Sigma$-term
$s$ may destroy the alternating signatures property because $x = s$, which is both a
$\Sigma_1$- and a $\Sigma_2$-equation, may inherit some of these successors from $x = t$. Shar2
restores this property by merging into $s$ all the immediate successors of $x = s$,
which are collected, if any, in the set $\bar{y}_1 = \bar{r}_1$. Condition (d) in Shar2 makes
sure that the tuple $\bar{y}_1 = \bar{r}_1$ collects all these successors. The replacement of $\bar{y}_1$
by $\bar{r}_1$ in Shar1 is done for similar reasons. In both Shar rules, the restriction
that all the terms in $\bar{r}_1$ be in normal form is necessary to ensure termination.



A Sketch of the Correctness Proof 

As a first step to proving the correctness of the combination procedure, we can
show that an application of one of the rules of Fig. 2 transforms abstraction
systems into abstraction systems, preserves satisfiability, and leads to a decrease
w.r.t. a certain well-founded ordering. This ordering can be obtained as follows:
every node in the dag corresponding to the abstraction system $S$ is associated
with a pair $(h, r)$, where $h$ is the height of the node, and $r$ is 1 if the
corresponding (dis)equation is reducible, and 0 otherwise. The abstraction system $S$
is associated with the multiset $M(S)$ consisting of all these pairs. Let $\sqsupset$ be the
multiset ordering | induced by the lexicographic ordering on pairs.

Lemma 16. Assume that $S'$ is obtained from $S$ by an application of one of the
rules of Fig. 2.

1. If $S$ is an abstraction system, then so is $S'$.

2. $S$ is satisfiable in $E_1 \cup E_2$ iff $S'$ is satisfiable in $E_1 \cup E_2$.

3. $M(S) \sqsupset M(S')$.

The second point of the lemma implies soundness of our combination procedure,
that is, if the combination procedure succeeds on an input $(s_0, t_0)$, then
$s_0 =_{E_1 \cup E_2} t_0$. Since the multiset ordering $\sqsupset$ is well-founded, the third point
implies that the procedure always terminates. The first point implies that the
final system obtained after the termination of the procedure is an abstraction
system. This fact plays an important role in the proof of completeness of the
procedure. The completeness of the combination procedure, meaning that the
procedure succeeds on an input $(s_0, t_0)$ whenever $s_0 =_{E_1 \cup E_2} t_0$, can be proved
by showing that Proposition 10 can be applied (see for details).

5 Related work 

In this section, we investigate the connection between our notion of constructors
and the one introduced in [^. Before we can define the notion of constructors
according to Q, called DKR-constructors in the following, we need to introduce
the notion of a monotonic ordering. An ordering $>$ on $T(\Omega, V)$ is called monotonic
if $s > t$ implies $f(\ldots, s, \ldots) > f(\ldots, t, \ldots)$ for all $s, t \in T(\Omega, V)$ and all
function symbols $f \in \Omega$. In the rest of the section, we will consider a non-trivial
equational theory $E$ of signature $\Omega$ and a subsignature $\Sigma$ of $\Omega$.

^ Recall that we assume, without loss of generality, that the variables in
$Var(s) \setminus Var(t)$ do not occur in the abstraction system (cf. the remark after
Definition 6). Thus, the equations in $\bar{y}_1 = \bar{r}_1$ are in fact successors of $x = t$.

Definition 17. Let $>$ be a well-founded and monotonic ordering on $T(\Omega, V)$.
The signature $\Sigma$ is a set of DKR-constructors for $E$ w.r.t. $>$ if

1. the $=_E$ congruence class of any term $t \in T(\Omega, V)$ contains a least element
w.r.t. $>$, which we denote by $t{\downarrow}^{>}_{E}$, and

2. $f(t_1, \ldots, t_n){\downarrow}^{>}_{E} = f(t_1{\downarrow}^{>}_{E}, \ldots, t_n{\downarrow}^{>}_{E})$ for all $f \in \Sigma$ and $\Omega$-terms $t_1, \ldots, t_n$.

We will call $t{\downarrow}^{>}_{E}$ the DKR-normal form of $t$, and then say that $t$ is in DKR-normal
form whenever $t = t{\downarrow}^{>}_{E}$. For the theory $E_1$ in Example 8 it is not hard to show
that the signature $\Sigma$ is a set of DKR-constructors for $E_1$ w.r.t. an appropriate
well-founded and monotonic ordering.

Example 9 shows that a set of constructors in the sense of Definition 2 need
not be a set of DKR-constructors. In fact, as shown in Q, the definition of
DKR-constructors implies that, if $\Sigma$ is a set of DKR-constructors for $E$, then $E^{\Sigma}$ is
the theory of syntactic equality on $\Sigma$-terms. This implies that, in Example 9,
the signature $\Sigma'$ is not a set of DKR-constructors for $E_2$.

To show that the notion of DKR-constructors is a special case of our notion
of constructors, we need a representation of the set $G_E(\Sigma, V)$.

Lemma 18. Let $\Sigma$ be a set of DKR-constructors for $E$ w.r.t. $>$. Then
$G_E(\Sigma, V) = \{r \in T(\Omega, V) \mid r{\downarrow}^{>}_{E}(\epsilon) \notin \Sigma\}$.

Using this lemma, it is not hard to show the next proposition.

Proposition 19. If $\Sigma$ is a set of DKR-constructors for $E$ w.r.t. $>$, then $\Sigma$ is a
set of constructors for $E$ according to Definition 2.

The definition of DKR-constructors does not assume that DKR-normal forms 
are computable. In Q, this is achieved by additionally assuming that the so- 
called symbol matching problem is decidable. 

Definition 20. We say that the symbol matching problem on $\Sigma$ modulo $E$
is decidable in $T(\Omega, V)$ if there exists an algorithm that decides, for all
$t \in T(\Omega, V)$, whether there exists a function symbol $f \in \Sigma$ and a tuple of $\Omega$-terms
$\bar{t}$ such that $t =_E f(\bar{t})$. We say that $t$ matches onto $\Sigma$ modulo $E$ if $t =_E f(\bar{t})$ for
some $f \in \Sigma$ and some tuple $\bar{t}$ of $\Omega$-terms.

As pointed out in B, if the symbol matching problem and the word problem
are decidable for $E$, then a symbol $f \in \Sigma$ and a tuple of terms $\bar{t}$ satisfying
$t =_E f(\bar{t})$ can be effectively computed, whenever it exists. In fact, once we
know that an appropriate function symbol in $\Sigma$ and a tuple of $\Omega$-terms exists,
we can simply enumerate all pairs consisting of a symbol $f \in \Sigma$ and a tuple
$\bar{t}$ of $\Omega$-terms, and test whether $t =_E f(\bar{t})$. We call an algorithm that realizes
such a computation a symbol matching algorithm on $\Sigma$ modulo $E$. Using such
a symbol matching algorithm, we can define a function $\mathrm{NF}^{\Sigma}_{E}$ for $\Sigma$ and $E$ with
the following recursive definition.

Definition 21. Assume that $\Sigma$ is a set of DKR-constructors for $E$ w.r.t. $>$, the
word problem for $E$ and the symbol matching problem on $\Sigma$ modulo $E$ are
decidable, and let $M$ be any symbol matching algorithm on $\Sigma$ modulo $E$. Then, let
$\mathrm{NF}^{\Sigma}_{E}$ be the function defined as follows: For every $t \in T(\Omega, V)$,

1. $\mathrm{NF}^{\Sigma}_{E}(t) := f(\mathrm{NF}^{\Sigma}_{E}(t_1), \ldots, \mathrm{NF}^{\Sigma}_{E}(t_n))$ if $t$ matches onto $\Sigma$ modulo $E$ and $f$ is
the $\Sigma$-symbol and $(t_1, \ldots, t_n)$ the tuple of $\Omega$-terms returned by $M$ on input
$t$.

2. $\mathrm{NF}^{\Sigma}_{E}(t) := t$, otherwise.

Lemma 22. Under the assumptions of Definition 21 the function $\mathrm{NF}^{\Sigma}_{E}$ is
well-defined and satisfies the requirements of Definition 6.

This lemma, together with Proposition 19, entails that Theorem 14 in Q can be
obtained as a corollary of our Theorem 13.

Corollary 23. Let $E_1, E_2$ be non-trivial equational theories of signature $\Sigma_1, \Sigma_2$,
respectively, such that $\Sigma := \Sigma_1 \cap \Sigma_2$ is a set of DKR-constructors for both $E_1$ and
$E_2$. If for $i = 1, 2$, the symbol matching problem on $\Sigma$ modulo $E_i$ is decidable,
and the word problem in $E_i$ is decidable, then the word problem in $E_1 \cup E_2$ is
also decidable.

A third notion of constructors has been introduced in term rewriting in the 
context of modularity properties for term rewriting systems: a constructor is a 
function symbol that does not occur at the top of a left-hand side of a rule. 
It is easy to see that, for complete (i.e., confluent and strongly normalizing) 
term rewriting systems, this notion of constructors is a special case of the notion 
of DKR-constructors. A finite complete term rewriting system provides a deci- 
sion procedure for the word problem. Although the union of two complete term 
rewriting systems sharing constructors need not be complete, this union is at 
least semi-complete (i.e., confluent and weakly normalizing), which is sufficient 
to obtain a decision procedure for the word problem (see, e.g., Q for details). 
The main difference between this combination result and ours, in addition to 
the greater generality of our constructors, is that we do not assume that the 
word problem in the component theories can be decided by a complete or semi- 
complete term rewriting system, that is, our approach also applies in cases where 
the decision procedure is not based on term rewriting. 

6 Future Work 

As mentioned in the introduction, Q also contains combination results for uni- 
fication and matching, whereas the present paper is concerned only with the 
word problem. Thus, one direction for future research would be to extend our 
approach to the combination of decision procedures for the matching and the 
unification problem as well. 

Another direction would be to extend the class of theories even further by 
relaxing the restriction that the equational theory over the constructors be 
collapse-free. A crucial artifact to our completeness proof is the set $G_E(\Sigma, V)$,
which is used to obtain the (countably infinite) set of generators of a certain free
algebra. When the equational theory over the constructors is not collapse-free,
$G_E(\Sigma, V)$ is empty, and thus cannot be used to describe this set of generators.
An appropriate alternative characterization of the set of generators might al- 
low us to remove altogether the restriction that the equational theory over the 
constructors be collapse-free. 
Abstract. We present an abstract completion-based method for finding
normal forms of terms with respect to given rewrite systems. The
method uses the concept of a rewrite closure, which is a generalization of 
the idea of a congruence closure. Our results generalize previous results 
on congruence closure-based normalization methods. The description of 
known methods within our formalism also allows a better understanding 
of these procedures. 



1 Introduction 

Efficient procedures for normalization of expressions are crucial for the practical 
performance of rewrite-based systems. A straightforward approach to normaliza- 
tion, by a “straight-line” sequence of individual reduction steps, each consisting 
of matching and subterm replacement, may be expensive if it requires many 
steps. For instance, suppose a term $f(a)$ can be rewritten to a normal form $a$ in
$n$ reduction steps. Then the normalization of the term $f(f(a))$ may require twice
as many steps, as $f(f(a))$ is first rewritten to $f(a)$ (in $n$ steps) and then to $a$ (in
$n$ more steps). Note that the two subsequences consist essentially of the same
reduction steps, though applied to different terms. There have been attempts to
store the "history" of reductions in a suitable way so as to avoid repetition of
such "equivalent" reduction sequences. The aim is to generate, once the subterm
in $f(f(a))$ has been reduced to $a$, the normal form $a$ from the intermediate term
$f(a)$ in a single additional step. Such a "non-oblivious" normalization method
requires $n + 1$ steps in this case, though the individual steps are usually different
from standard matching and subterm replacement. The key question is how to 
store the application of rewrite rules in a way that can be efficiently exploited 
for performing future reductions. 

Chew QQ had the fundamental insight to adapt techniques developed for 
congruence closure algorithms (cf. Nelson and Oppen Q) to normalization with
history. Congruence closure algorithms apply to finite sets of variable-free equa- 
tions and yield a compact representation of the underlying equational theory, 
in that unique representatives are assigned to equivalent terms. Normalization 
usually needs to be done for rewrite systems (i.e., sets of directed equations) 
with variables, which may represent infinitely many variable-free equations over
the given term domain. Chew’s method therefore combines a “dynamic” ver- 
sion of congruence closure with a method for selecting rewrite rule instances 
needed to normalize a given input term. Whenever additional rule instances are 
selected, the congruence closure algorithm is applied incrementally to update 
the representation of term equivalences. Once a term has been rewritten, the 
congruence closure represents it by its current normal form and thus effectively 
stores the history of previous reductions. If no further useful rule instances can 
be selected, one either obtains a normal form for the input term or else detects 
non-termination of the rewriting process. (Non-terminating rewrite systems may 
also cause the selection process to continue indefinitely.) 

Chew’s work applies to orthogonal rewrite systems, but was extended by 
Verma to priority rewrite systems. The description of these methods is tech- 
nically involved. We develop a different, more abstract view of this approach 
to normalization by formulating it in terms of standard techniques from term 
rewriting, such as completion and narrowing. More specifically, the basic method, 
and various optimizations, are described in terms of transformation rules in the 
style of Bachmair and Dershowitz Q. 

We briefly describe congruence closure by transformation rules in Section^ 
and explain its application to normalization in Section^ Optimizations of the 
basic method by using a modified congruence closure, called a rewrite closure, 
are discussed in Section^ Finally we outline further optimizations for the special 
cases of orthogonal and convergent rewrite systems in Section ^ 

2 Abstract Congruence Closure 

First we briefly introduce the concept of an “abstract congruence closure” which 
forms the basis of our approach to nonoblivious normalization. We assume that 
the reader is familiar with the basic notions and terminology of term rewriting; 
for details see |. 

Let $\Sigma$ be a signature consisting of constants and function symbols, and $V$ be a
set of variables. We mostly deal with variable-free, or ground, terms; and denote
by $T(\Sigma)$ the set of all ground terms over $\Sigma$. The symbols $s, t, u, \ldots$ are used
to denote terms; $f, g, \ldots$, function symbols; and $x, y, z, \ldots$, variables. We write
$E[t]$ to indicate that an expression $E$ contains $t$ as a subterm and (ambiguously)
denote by $E[u]$ the result of replacing a particular occurrence of $t$ by $u$. (The
same notation will be employed if $E$ is a set of expressions.) By $E\sigma$ we denote
the result of applying a substitution $\sigma$ to $E$.

An equation is a pair of terms, written $s \approx t$. We usually identify the two
equations $s \approx t$ and $t \approx s$; if the distinction is important, we call the equation
a rewrite rule and write $s \to t$. A rewrite system is a set of rewrite rules. The
rewrite relation $\to_R$ induced by a set of equations $R$ is defined by: $u \to_R t$ if,
and only if, $u$ contains a subterm $l\sigma$ and $t = u[r\sigma]$, for some rewrite rule $l \to r$ in
$R$ and some substitution $\sigma$. The equational theory induced by $R$ is the reflexive,
symmetric, and transitive closure of this rewrite relation.

A term $t$ is said to be in normal form with respect to a rewrite system $R$, or
in $R$-normal form, if there is no term $u$, such that $t \to_R u$. We write $s \to^{!}_R t$ to
indicate that $t$ is an $R$-normal form of $s$. A rewrite system is said to be (ground)
confluent if all (ground) terms have a unique normal form. Rewrite systems that
are (ground) confluent and terminating are called (ground) convergent.

Congruence closure algorithms may be viewed as methods for constructing 
ground convergent rewrite systems for given equations, but over an extended sig- 
nature. The extension of the given signature is limited to the introduction of new 
constants and can be combined with techniques similar to (ground) completion, 
as pointed out by Kapur [6]. 

For example, let $E_0$ be the set of equations $\{fa \approx fb,\ ffb \approx a,\ fb \approx a\}$ over the signature $\Sigma = \{a, b, f\}$. New constants $c_0, \ldots, c_4$ are introduced to represent the different subterms in $E_0$, as specified by the following rewrite rules: 

$$D_0 = \{a \to c_0,\ b \to c_1,\ fc_0 \to c_2,\ fc_1 \to c_3,\ fc_3 \to c_4\}.$$ 

Rewrite rules of the form 

$$f(c_1, \ldots, c_k) \to c_0$$ 

where $f \in \Sigma$ and $c_0, c_1, \ldots, c_k$ are constants in a set $K$ disjoint from $\Sigma$, are called D-rules (with respect to $\Sigma$ and $K$). 

The D-rules represent the structure of the given terms, whereas equations between these terms can be represented by equations between constants from $K$, which we call C-equations or C-rules. For example, $E_0$ is represented by three C-equations, $c_2 \approx c_3$, $c_4 \approx c_0$ and $c_3 \approx c_0$. 

Let $R$ be a set of C-rules and D-rules (with respect to $\Sigma$ and $K$). We say that a constant $c$ in $K$ represents a term $t$ in $\mathcal{T}(\Sigma \cup K)$ (via $R$) if $t \leftrightarrow_R^{*} c$. A term $t$ is said to be represented by $R$ if it is represented by some constant via $R$. For example, the constant $c_2$ represents the term $fa$ via $D_0$. 

Definition 1. Let $\Sigma$ be a signature and $K$ be a set of constants disjoint from $\Sigma$. In addition, let $E$ be a set of ground equations over $\mathcal{T}(\Sigma \cup K)$. A ground rewrite system $R = C \cup D$ of C-rules and D-rules is called an (abstract) congruence closure for $E$ (with respect to $\Sigma$ and $K$) if 

(i) each constant $c \in K$ that is in normal form with respect to $R$ represents a term $t \in \mathcal{T}(\Sigma)$ via $R$, 

(ii) $R$ is ground convergent (over $\mathcal{T}(\Sigma \cup K)$), and 

(iii) for all terms $s$ and $t$ in $\mathcal{T}(\Sigma)$, we have s t if, and only if, s — 

The rewrite system $R_0 = D_0 \cup C_0$, where $C_0 = \{c_2 \to c_3,\ c_0 \to c_4,\ c_0 \to c_3\}$, is not a congruence closure for $E_0$, as it is not ground convergent. But we can obtain a congruence closure from $R_0$ by a completion-like process described next. 

Our description is fairly abstract, in terms of transformation rules in the style of Bachmair and Dershowitz; see [2]. The transformation rules operate on triples $(K, E, R)$, where $K$ is the set of newly introduced constants (the original signature $\Sigma$ is fixed); $E$ is a set of ground equations over $\Sigma$ yet to be processed; and $R$ is the set of C-rules and D-rules that have been derived so far. Triples may be viewed as possible states in the process of constructing a closure. A key transformation rule is the introduction of new constants. 



Extension: 

$$\frac{(K,\ E[f(c_1, \ldots, c_k)],\ R)}{(K \cup \{c\},\ E[c],\ R \cup \{f(c_1, \ldots, c_k) \to c\})}$$ 

where $f \in \Sigma$, $c_1, \ldots, c_k$ are constants in $K$, and $c \notin \Sigma \cup K$. 

Once a D-rule $f(c_1, \ldots, c_k) \to c$ has been introduced, it can be used to eliminate other occurrences of $f(c_1, \ldots, c_k)$. 

Simplification: 

$$\frac{(K,\ E[s],\ R \cup \{s \to t\})}{(K,\ E[t],\ R \cup \{s \to t\})}$$ 

where $s$ occurs in some equation in $E$. 

Evidently, any equation in $E$ can be transformed to a C-equation by suitable extension and simplification steps. We orient C-equations into rewrite rules. 

Orientation: 

$$\frac{(K,\ E \cup \{c \approx d\},\ R)}{(K,\ E,\ R \cup \{c \to d\})}$$ 

if $c$ and $d$ are constants in $K$ with $c \succ d$.$^4$ 

Trivial equations can be deleted. 

Deletion: 

$$\frac{(K,\ E \cup \{c \approx c\},\ R)}{(K,\ E,\ R)}$$ 

Construction of convergent rewrite systems requires primarily the following transformation rule. 

Superposition: 

$$\frac{(K,\ E,\ R \cup \{t \to c,\ t \to d\})}{(K,\ E \cup \{c \approx d\},\ R \cup \{t \to d\})}$$ 

if $t \to c$ and $t \to d$ are D-rules. 

The efficiency of completion also depends on additional transformation rules for simplification of rewrite rules, usually called “collapse” and “composition” rules; see details. 

We write $\xi \vdash_{CC} \zeta$ to indicate that a state $\xi$ can be transformed to $\zeta$ in one step by one of the above rules. By a derivation we mean a sequence of such transformation steps, $\xi_0 \vdash_{CC} \xi_1 \vdash_{CC} \cdots$ from an initial state $(\emptyset, E, \emptyset)$. (It can be shown that derivations based on the above transformation rules are always finite.) 

$^4$ We assume that a total reduction ordering on ground terms is supplied initially and extended appropriately whenever a new constant is introduced. For our purposes, it is sufficient to use a lexicographic path ordering based on a total precedence $\succ$ for $\Sigma \cup K$, such that $f \succ c$, whenever $f \in \Sigma$ and $c \in K$. 
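The following table shows some of the intermediate states of a derivation from $(\emptyset, E_0, \emptyset)$, where $E_0 = \{fa \approx fb,\ ffb \approx a,\ fb \approx a\}$. 

| $i$ | Constants $K_i$ | Equations $E_i$ | Rules $R_i$ |
|---|---|---|---|
| 0 | $\emptyset$ | $E_0$ | $\emptyset$ |
| 1 | $\{c_0, \ldots, c_3\}$ | $\{ffb \approx a,\ fb \approx a\}$ | $\{a \to c_0,\ b \to c_1,\ fc_0 \to c_3,\ fc_1 \to c_3,\ c_2 \to c_3\}$ |
| 2 | $K_1 \cup \{c_4\}$ | $\{fb \approx a\}$ | $R_1 \cup \{fc_3 \to c_4,\ c_0 \to c_4\}$ |
| 3 | $K_2$ | $\emptyset$ | $R_2 \cup \{c_0 \to c_3\}$ |
| 4 | $K_2$ | $\emptyset$ | $\{a \to c_4,\ b \to c_1,\ fc_4 \to c_4,\ fc_1 \to c_4,\ c_2 \to c_4,\ c_0 \to c_4,\ c_3 \to c_4\}$ |

The final rewrite system $R_4$ is a congruence closure. 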

In general, exhaustive application of the transformation rules will result in a final state of the form $(K, \emptyset, R)$, where $R$ is a congruence closure. 

Theorem 1. If $(K, \emptyset, R)$ is the final state of a derivation from $(\emptyset, E, \emptyset)$, then $R$ is a congruence closure for $E$. 

3 Normalization Using Congruence Closure 

We next outline how to apply congruence closures to the problem of finding, given a rewrite system $\mathcal{R}$ and a ground term $t$, a normal form of $t$ with respect to $\mathcal{R}$. Let us first consider the simple case when $\mathcal{R}$ is a ground rewrite system. 

For example, suppose we want to normalize the term f^a with respect to the rewrite system $\mathcal{R}_0 = \{fa \to fb,\ ffb \to a,\ fb \to a\}$. We already know that $R_4$ is a congruence closure for $\mathcal{R}_0$. First we compute the normal form of f^a by $R_4$, which is $c_4$. Then we identify an irreducible term over the signature $\Sigma$ that is represented by $c_4$. The definition of a congruence closure guarantees that such a term exists; in this example, we get $a$. Thus, we have f^a $\to_{R_4}^{*} c_4 \leftarrow_{R_4}^{*} a$ and conclude that $a$ is a normal form of f^a. 
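The construction of Section 2 and the ground case just described can be run end to end. The following Python code is an added example, not the authors' implementation: the tuple encoding of terms, the class and function names, the eager naming of all subterms in order of size (so that the constants come out as $c_0, \ldots, c_4$ above), and the size bound used when searching for an irreducible representative are assumptions made here.

```python
from itertools import product

# Ground terms are nested tuples: ("f", ("a",)) stands for f(a).
A, B = ("a",), ("b",)

def f(t):
    return ("f", t)

def subterms(t):
    for arg in t[1:]:
        yield from subterms(arg)
    yield t

def size(t):
    return 1 + sum(size(arg) for arg in t[1:])

class CongruenceClosure:
    """R = D ∪ C, kept fully simplified after every processed equation."""

    def __init__(self):
        self.D = {}     # D-rules: (f, c1, ..., ck) -> c
        self.C = {}     # C-rules: c -> d, oriented so that c_i -> c_j only if i < j
        self.fresh = 0

    def find(self, c):
        """Normal form of a constant under the C-rules."""
        while c in self.C:
            c = self.C[c]
        return c

    def name(self, t):
        """Extension and Simplification: the constant that represents t."""
        key = (t[0],) + tuple(self.name(arg) for arg in t[1:])
        if key not in self.D:
            self.D[key] = f"c{self.fresh}"
            self.fresh += 1
        return self.find(self.D[key])

    def add_equation(self, s, t):
        pending = [(self.name(s), self.name(t))]
        while pending:
            c, d = (self.find(x) for x in pending.pop())
            if c == d:                          # Deletion
                continue
            if int(c[1:]) > int(d[1:]):         # Orientation (c_i > c_j iff i < j)
                c, d = d, c
            self.C[c] = d
            self.C = {x: self.find(y) for x, y in self.C.items()}  # composition
            simplified = {}
            for lhs, rhs in self.D.items():     # collapse and composition on D
                lhs = (lhs[0],) + tuple(self.find(x) for x in lhs[1:])
                rhs = self.find(rhs)
                if simplified.setdefault(lhs, rhs) != rhs:         # Superposition
                    pending.append((simplified[lhs], rhs))
            self.D = simplified

    def rep(self, t):
        """Constant c with t ->* c, or None if t is not represented."""
        args = [self.rep(arg) for arg in t[1:]]
        if None in args:
            return None
        c = self.D.get((t[0],) + tuple(args))
        return None if c is None else self.find(c)

def closure(equations):
    cc = CongruenceClosure()
    subs = {u for eq in equations for side in eq for u in subterms(side)}
    for u in sorted(subs, key=lambda u: (size(u), u)):  # a, b, fa, fb, ffb
        cc.name(u)
    for s, t in equations:
        cc.add_equation(s, t)
    return cc

def irreducible_terms(cc, redexes, max_size=6):
    """Per constant, the Sigma-terms it represents that contain no redex."""
    found, changed = {}, True
    while changed:
        changed = False
        for (fsym, *args), c in cc.D.items():
            for combo in product(*(found.get(x, ()) for x in args)):
                t = (fsym,) + combo
                bucket = found.setdefault(c, set())
                if t not in redexes and t not in bucket and size(t) <= max_size:
                    bucket.add(t)
                    changed = True
    return found

def normalize(term, rules):
    """Normal form of a ground term w.r.t. a ground, confluent rule set."""
    cc = closure(rules)
    c = cc.name(term)               # names any subterm not yet represented
    candidates = irreducible_terms(cc, {lhs for lhs, _ in rules}).get(c)
    return min(candidates, key=size) if candidates else None

# The page's E_0, read as the ground rules fa -> fb, ffb -> a, fb -> a.
E0 = [(f(A), f(B)), (f(f(B)), A), (f(B), A)]
```

On `E0` the final `D` and `C` dictionaries coincide with the rules of $R_4$ in the table above, and a constructed input such as `normalize(f(f(f(f(f(A))))), E0)` returns the term `a`.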

This approach is simple, but needs to be generalized to rewrite systems with variables. The basic idea is to select one or more instances $l\sigma \to r\sigma$ of rules in $\mathcal{R}$ that can be used to reduce (a subterm of) $t$ and to apply congruence closure to them, so that a normal form $t'$ of $t$ (with respect to the selected instances) can be identified. If $t'$ is also in normal form with respect to $\mathcal{R}$, we are done; otherwise, further rule instances need to be selected to reduce $t'$. This yields a method that incrementally applies congruence closure to selected instances of given rewrite rules. Two key issues to be addressed are selection (how to select instances) and termination (how to efficiently identify that a term is in $\mathcal{R}$-normal form). Selection, it turns out, can be done by a simple narrowing process. 

^ In all examples, new constants will be ordered as follows: $c_i \succ c_j$ if $i < j$. 

^ It is sufficient to consider ground terms $t$. The normal form of a general term $u$ can be easily obtained from a normal form of the ground term $\hat{u}$, where $\hat{u}$ is obtained from $u$ by replacing each variable by a new constant. 
3.1 Narrowing 

We say that a term $t$ narrows to a term $t'$ (with respect to a rewrite system $R$) if there exist a non-variable subterm $s$ of $t$ and a rewrite rule $l \to r \in R$, such that (i) $s$ is unifiable with $l$ and (ii) $t'$ is obtained from $t\sigma$ by replacing the subterm $s\sigma$ by $r\sigma$, where $\sigma$ is a most general unifier of $s$ and $l$. 

In our context, the term $t$ to be normalized, and all its subterms, are represented by constants via a congruence closure $R$. We will present a simple narrowing procedure to determine whether some left-hand side $l$ of a rule in $\mathcal{R}$ can be narrowed to a constant via $R$, i.e., whether there exists a substitution $\sigma$, such that $l\sigma \to_R^{*} c$. Any rule instance $l\sigma \to r\sigma$ selected by narrowing in this way will then be used for incremental extension of the congruence closure $R$. 

We use transformation rules to describe the narrowing process for selection of rule instances from a rewrite system $\mathcal{R} = \{l_1 \to r_1, \ldots, l_n \to r_n\}$. The transformation rules operate on states $(K, R, S)$, where $K$ is a set of constants disjoint from $\Sigma$, $R$ is a congruence closure, and $S$ is a sequence of $n$ sets $(S_1, \ldots, S_n)$. Each set $S_i$ consists of pairs $(l_i', \sigma_i)$, where $l_i\sigma_i \to_R^{*} l_i'$. The pairs $(l_i', \sigma_i)$ indicate candidates to be selected among rule instances. Selection of $l_i\sigma \to r_i\sigma$ is possible if a term $l_i'$ is a constant. If a term $l_i'$ is not a constant, but cannot be reduced further, then the corresponding candidate pair can be deleted, as selection will be impossible. 

The formal transformation rule is as follows. 

Narrowing: 

$$\frac{(K,\ R,\ (\ldots, L_i \cup \{(s[t], \sigma)\}, \ldots))}{(K,\ R,\ (\ldots, L_i \cup L', \ldots))}$$ 

where $t$ is either a constant or a non-variable non-constant innermost subterm of $s$ and either (i) $t$ can be narrowed by $R$, in which case $L'$ is the set of all pairs $(s[c]\sigma_1, \sigma\sigma_1)$ such that $t\sigma_1 = u$ for some rule $u \to c$ in $R$, or (ii) $t$ is not a constant and cannot be narrowed, in which case $L' = \emptyset$. 

We write $\eta \vdash_S \eta'$ to indicate that a state $\eta'$ can be obtained from $\eta$ by application of this narrowing rule. It can easily be shown that derivations by narrowing are always finite. The final state of such a derivation is a triple $(K, R, (L_1, \ldots, L_n))$ where each set $L_i$ contains only pairs $(c, \sigma)$, $c \in K$. 



3.2 Normalization 

We now have the two main components of a non-oblivious normalization method: the congruence closure transformation relation $\vdash_{CC}$ and the narrowing transformation relation $\vdash_S$. We describe normalization by rules operating on tuples $(\mathcal{R}, t, K, E, R, S)$, where $\mathcal{R}$ is a rewrite system, $t$ is the term to be normalized, $(K, E, R)$ represents the current state of a congruence closure computation, and $S$ indicates current candidates for selection. We define: 

$$(\mathcal{R}, t, K, E, R, A) \vdash_N (\mathcal{R}, t, K', E', R', A)$$ 

if $(K, E, R) \vdash_{CC} (K', E', R')$, where $A$ denotes a sequence of empty sets; and 

$$(\mathcal{R}, t, K, \emptyset, R, S) \vdash_N (\mathcal{R}, t, K, \emptyset, R, S')$$ 

if $(K, R, S) \vdash_S (K, R, S')$ and $(K, \emptyset, R)$ is a congruence closure final state. 

In short, we distinguish between two phases during normalization: congruence closure rules are applied when no candidates for selection are available, whereas narrowing is only performed in the presence of a (completed) congruence closure. 

An initial state for a normalization derivation is a tuple $(\mathcal{R}, t, \{c\}, \{c \approx t\}, \emptyset, A)$, where $A$ is a sequence of empty sets and $c$ is a constant not contained in $\Sigma$. The first stage will consist of a congruence closure computation, which has the effect of representing all subterms of the term $t$ to be normalized. 

The following transformation rules are used to connect congruence closure 
and narrowing stages and to determine when the normalization process is done. 

Narrowing is initiated as follows. 



Initialization: 

$$\frac{(\mathcal{R}, t, K, \emptyset, R, A)}{(\mathcal{R}, t, K, \emptyset, R, (\{(l_1, id)\}, \ldots, \{(l_n, id)\}))}$$ 

if the state $(K, \emptyset, R)$ is a congruence closure final state. (The symbol $id$ denotes the identity mapping.) 

If the narrowing phase is successful, further rule instances can be selected. 

Selection: 

$$\frac{(\mathcal{R}, t, K, \emptyset, R, (L_1, \ldots, L_j \cup \{(c, \sigma)\}, \ldots, L_n))}{(\mathcal{R}, t, K, \{l_j\sigma \to r_j\sigma\}, R, A)}$$ 

if $c \in K$. The rule $l_j\sigma \to r_j\sigma$, which is moved to the set $E$ in this rule, will be called a selected, or processed, rule. In general, we can move more than one rule instance to the $E$ component without affecting any results. 

Computation of a congruence closure may change the representation of equivalences. Instead of initiating another narrowing phase, we may check whether a normal form term is already represented. 

Detection: 

$$\frac{(\mathcal{R}, t, K, \emptyset, R, A)}{t^*}$$ 

if (i) the state $(K, \emptyset, R)$ is a congruence closure final state, (ii) there is a $t^* \in \mathcal{T}(\Sigma)$ such that $t \to_R^{*} c \leftarrow_R^{*} t^*$, and (iii) $t^*$ is not further reducible by $\mathcal{R}$. 

Terminating in a state $t^*$ means that we output $t^*$ as the normal form of $t$. For example, consider the problem of normalizing the term $fa$ with respect to $\mathcal{R} = \{a \to b,\ fx \to gfx,\ gfb \to c\}$. The initial state obtained by the initialization rule is $(\mathcal{R}, fa, \{c_0\}, \{c_0 \approx fa\}, \emptyset, A)$. We first obtain a congruence closure, 

$$(\mathcal{R}, fa, \{c_0, c_1, c_2\}, \emptyset, \{a \to c_1,\ fc_1 \to c_2,\ c_0 \to c_2\}, A),$$ 

and then initialize a narrowing phase, with initial candidates $(\{(a, id)\}, \{(fx, id)\}, \{(gfb, id)\})$. Observe that $a$ narrows to $c_1$ by the identity mapping. We select the rule $a \to b$ and continue with a congruence closure computation, obtaining $\{b \to c_3,\ a \to c_3,\ fc_3 \to c_2,\ c_1 \to c_3,\ c_0 \to c_2\}$. Now $fx$ can be narrowed to a constant with the substitution $x \mapsto c_3$. Thus we select the rule instance $fc_3 \to gfc_3$ next. Eventually, we identify $c$ as a normal form term of $fa$ and terminate using the detection rule. 

^ This inference rule can be effectively applied. We simply non-deterministically guess for each constant $d \in K$, a D-rule $f(\cdots) \to d$. Then the required $t^*$ is one which reduces to $c$ using these guessed rules, and which satisfies condition (iii). 

We emphasize that the above transformation rules are only correct when the rewrite system $\mathcal{R}$ is confluent. For example, if we attempt to normalize the term $gfa$ with respect to the non-confluent rewrite system $\mathcal{R} = \{a \to b,\ fa \to gfa,\ gfb \to c\}$, then we could terminate with $fb$ as the normal form of $gfa$. 

3.3 Soundness and Completeness 

Let denote the set of all ground instances of the rules in $\mathcal{R}$ over the extended signature $\Sigma \cup K$. Corresponding to every derivation we have a set $F$ of such ground instances, the rules processed during that derivation. The $R$-extension of $F$ is defined to be the set of all equations $s\rho \to t\rho$, where $s \to t$ is an equation in $F$ and $\rho$ is a mapping from $K$ to $\mathcal{T}(\Sigma)$, such that $c \leftrightarrow_R^{*} c\rho$, for all constants $c$ in $K$. This notion of $R$-extension is crucial in establishing completeness of the procedure. 

Theorem 2. (Soundness) If a rewrite system $\mathcal{R}$ is confluent and a derivation from $(\mathcal{R}, t, \{c\}, \{c \approx t\}, \emptyset, A)$ terminates with $t^*$, then $t^*$ is an $\mathcal{R}$-normal form of $t$. 



In order to establish completeness of the procedure, we need to make sure 
that some normal form of t is eventually represented. For this, we require fairness 
conditions. 

Definition 2. A rule instance $l_i\sigma \to r_i\sigma$ is said to be selectable with respect to $K$ and $R$ if $l_i$ can be narrowed to a constant $c \in K$ via $R$, i.e., $l_i\sigma \to_R^{*} c$. 

Definition 3. A derivation is said to be fair if (i) the Detection rule is (even- 
tually) applied if it is ever applicable, or, (ii) every selectable rule instance with 
respect to any intermediate sets Ki and Ri of the derivation, is eventually se- 
lected. 

A fair reduction strategy ensures that enough rule instances are processed so as to guarantee the representation of a normal form term. 

Theorem 3. (Completeness) If $t \in \mathcal{T}(\Sigma)$ has an $\mathcal{R}$-normal form then a fair derivation starting from state $(\mathcal{R}, t, \{c\}, \{c \approx t\}, \emptyset, A)$ terminates in state $t^*$, where $t^*$ is in $\mathcal{R}$-normal form. 

One difficulty with the inference rules for normalization is that the termi- 
nation checks essentially involve a non-deterministic step. To make this more 
efficient, we can store some information about which rules to use to find normal 
form terms in the congruence closure itself. This will be discussed next. 
4 Rewrite Closure 

In order to make the termination checks more efficient and useful, the basic 
congruence closure procedure requires additional refinements, so that one can 
determine whether a given represented term is in normal form or not. We will 
achieve this by marking certain rules, or, in other words, we will partition the set 
$D$ into two sets: marked rules $X$, and unmarked rules $N$. The idea would be that 
terms represented by the left-hand sides of $N$-rules will be F^-irreducible. Hence 
while searching for normal forms in the termination rules, instead of guessing, 
we will use the $N$-rules directly. 

Definition 4. An abstract congruence closure $R = D \cup C$ for $F$ is called a rewrite closure if the set $D$ can be partitioned into $N \cup X$ such that for all terms $t$ in $\mathcal{T}(\Sigma)$ represented by $D$, $t$ is in normal form with respect to if, and only if, it is represented by $N$. 

Equivalently, we can also say that a congruence closure $D = N \cup X$ is a rewrite closure for $F$ if for every $t \in \mathcal{T}(\Sigma)$, $t$ is F^-irreducible iff any reduction sequence starting with $t$ contains only $N$ steps, and no $X$ steps. For example, let $F = \{ffa \to fffa,\ fffa \to fa\}$. If we let $N_0$ be the set of two rules, $a \to c_0$ and $fc_0 \to c_1$; and $X_0$ be a set of one rule, $fc_1 \to c_1$, then $N_0 \cup X_0$ is a rewrite closure for $F$. Rewrite closures need not always exist, though. Consider the set of equations $F' = \{fffa \to ffa,\ fffa \to fa\}$. We cannot get a rewrite closure from the abstract congruence closure $D_1 = \{a \to c_0,\ fc_0 \to c_1,\ fc_1 \to c_1\}$ for $F'$. Since $a$, $fa$ and $ffa$ are all in normal form, we are forced to have all the D-rules in $R_1$ in the set $N_0$. 

Note that there are several ways in which the set of D-rules can be partitioned. If $s \to t$ is a rewrite rule in $F$, then its left-hand side $s$ is called an $F$-redex (or simply a redex). One method is to put all D-rules, whose left-hand sides represent $F$-redexes, into the set $X$. Rules in $X$ are therefore also called redex rules. We write $s \xrightarrow{n} t$ to indicate that $s \to t$ is a rule in $N$, and $s \xrightarrow{x} t$ to indicate that $s \to t$ is a rule in $X$. If $f(c_1, \ldots, c_k) \xrightarrow{x} c_0$ is a rule in $X$, then the term $f(c_1, \ldots, c_k)$ is also called a redex template. However, using this scheme for marking rules we may still not get a rewrite closure. We need the additional property of persistence. 

Let $t[l\sigma] \to t[r\sigma]$ be a (one step) reduction using the rewrite rule $l \to r \in R$. This reduction will be called a non-root reduction, denoted by if $l\sigma$ is a proper subterm of $t$; otherwise this is called a root reduction, denoted by 

Definition 5. Let $R$ be an abstract congruence closure for a set of ground rules $F$ over $\mathcal{T}(\Sigma \cup K)$. The set $F$ is said to have the persistence property with respect to $R$ if, whenever there exist terms $f(t_1, \ldots, t_n)$, $f(t_1', \ldots, t_n') \in \mathcal{T}(\Sigma)$ such that $f(t_1, \ldots, t_n)$ is F^-reducible at the top (root) position, and $f(t_1, \ldots, t_n)$ $f(t_1', \ldots, t_n')$, it is always the case that $f(t_1', \ldots, t_n')$ is F^-reducible. 

The idea behind the persistence property is simple. Since we put every redex- 
template in the set X, this simply means that we assume that all the terms 
represented by that template are reducible. The persistence property is true 
whenever this is actually the case. 

Lemma 1. Let $F$ be a finite set of equations over $\mathcal{T}(\Sigma \cup K)$. A congruence closure $R$ of $F$ can be extended to a rewrite closure if $F$ has the persistence property with respect to $R$. 

The converse of this theorem is however false, as the set $F = \{a \to b,\ fa \to c,\ c \to fb\}$ is not persistent (with respect to its abstract congruence closure), but the congruence closure can be extended to a rewrite closure. 



4.1 Construction of Rewrite Closures 



We give a set of transition rules (similar to the ones for congruence closure), that would compute the rewrite closure for a given $F$, assuming that the persistence property holds. 

The extension inference rule, which introduces new constants as names for subterms, is the same as before except that now it creates $N$-rules. We have to be a little careful in simplification rules, as we cannot simplify at the top of the left-hand side. 

Simplification: 

$$\frac{(K,\ F[s],\ R \cup \{s \to t\})}{(K,\ F[t],\ R \cup \{s \to t\})}$$ 

where $s$ is either a subterm of a right-hand side of a rule in $F$, or else a proper subterm of a left-hand side. Note that only proper subterms of left-hand sides of rules in $F$ can be replaced. 

It is fairly easy to see that any rewrite rule in $F$ can be transformed to a D-rule by suitable extension and simplification steps. The final D-rules are eliminated from $F$ as follows. 

Orientation: 

$$\frac{(K,\ F \cup \{f(c_1, \ldots, c_k) \to c\},\ R)}{(K,\ F,\ R \cup \{f(c_1, \ldots, c_k) \xrightarrow{x} c\})}$$ 

if $f(c_1, \ldots, c_k) \to c$ is a D-rule with respect to $\Sigma$ and $K$. Note that orientation generates a redex rule. 

In the superposition rule too, we have to be careful with the markings. 

Superposition: 

$$\frac{(K,\ F,\ R \cup \{t \xrightarrow{\alpha_1} c,\ t \xrightarrow{\alpha_2} d\})}{(K,\ F,\ R \cup \{t \xrightarrow{\alpha_3} d,\ c \to d\})}$$ 

if (i) $t \to c$ and $t \to d$ are D-rules, (ii) $c \succ d$, and (iii) $\alpha_3$ is $n$ only in the case when both $\alpha_1$ and $\alpha_2$ are $n$; in all other cases, $\alpha_3$ is $x$. 

The other rules like deletion and collapse can be similarly formulated. 

^ In other words, $t \to d$ is a redex rule in the new state if, and only if, at least one of the two superposed rules is a redex rule. 
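The following table shows some states of a derivation from the initial state $(\emptyset, E_0, \emptyset)$, where $E_0 = \{fa \approx fb,\ ffb \approx a,\ fb \approx a\}$. 

| $i$ | Constants $K_i$ | Equations $E_i$ | Rules $R_i$ |
|---|---|---|---|
| 0 | $\emptyset$ | $E_0$ | $\emptyset$ |
| 1 | $\{c_0, c_1, c_2\}$ | $\{ffb \approx a,\ fb \approx a\}$ | $\{a \xrightarrow{n} c_0,\ b \xrightarrow{n} c_1,\ fc_1 \xrightarrow{n} c_2,\ fc_0 \xrightarrow{x} c_2\}$ |
| 2 | $K_1$ | $\{fb \approx a\}$ | $R_1 \cup \{fc_2 \xrightarrow{x} c_0\}$ |
| 3 | $K_2$ | $\emptyset$ | $R_2 \cup \{fc_1 \xrightarrow{x} c_0\}$ |
| 4 | $K_2$ | $\emptyset$ | $\{a \xrightarrow{n} c_2,\ b \xrightarrow{n} c_1,\ fc_1 \xrightarrow{x} c_2,\ fc_2 \xrightarrow{x} c_2,\ c_0 \to c_2\}$ |

The rewrite system $R_4$ is a rewrite closure for $E_0$. 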

Using Lemma 1 we know that any derivation constructs a rewrite closure whenever $E$ satisfies the persistence property. We use the symbol $\vdash_{RC}$ to denote the one-step transformation relation on states induced by the above transformation rules. Final states are states of the form $(K, \emptyset, R)$ such that no further transition rules can be applied to them. 



4.2 Normalization via Rewrite Closure 



The normalization procedure described earlier can now be optimized by replacing the use of congruence closure by rewrite closure. The additional marking information in the rewrite closure can be used to optimize the Detection inference rule: essentially all we are saying is that in order to find a normal form in the equivalence class $c$, we need to check for only those terms $t'$ such that 

f! f. 

c c. 

We just mention those inference rules of the normalization procedure which now look different. The congruence closure phase is now replaced by the rewrite closure phase. The initialization and selection rules are the same as in Section 3.2. The new Marked-Detection rule uses the unmarked $N$-rules to find a normal form term. 

Marked-Detection: 

$$\frac{(\mathcal{R}, t, K, \emptyset, R, A)}{t^*}$$ 

if (i) $(K, \emptyset, R)$ is a rewrite closure final state, (ii) there is a $t^* \in \mathcal{T}(\Sigma)$ such that $t \to_R^{*} c \leftarrow_N^{*} t^*$, where $R = N \cup X \cup C$, and (iii) $t^*$ is in $\mathcal{R}$-normal form. 

To establish soundness and completeness, all we need is (a) the confluence of $\mathcal{R}$, (b) persistence of the processed set of rules, and (c) a strategy that ensures that the normal form term is eventually represented. The soundness theorem (Theorem 2) holds under these new rules. To ensure (c) (for completeness), we still have to use all the D-rules for narrowing (and not just $N$-rules). Fairness then would guarantee (c). 

Theorem 4. (Completeness) If $t \in \mathcal{T}(\Sigma)$ has an $\mathcal{R}$-normal form $t^*$ then a fair derivation starting from state $(\mathcal{R}, t, \{c\}, \{c \approx t\}, \emptyset, A)$ in which the processed rule instances $E$ is always (eventually) persistent, terminates in state $t^*$. 
The conditions of fairness and persistence are complementary. In order to satisfy 
persistence, we should process fewer and only particular rules. On the other 
hand, to satisfy fairness we are required to process as many rules as possible. For 
example, informally, an innermost strategy in choosing instances to process shall 
always process sets of instances that are persistent. But, unfortunately, such a 
strategy may violate fairness. In the next section, we consider two special cases 
of rewrite systems TZ where we can effectively satisfy both conditions together 
and use the normalization transition rules to find normal forms. 



5 Special Cases 



Next we further improve the method for normalization with orthogonal and convergent rewrite systems. It appears wasteful to use all of the D-rules in the narrowing process. To compute normal forms we only need to select rule instances that reduce current irreducible terms. Intuitively, only $N$-rules need to be employed by narrowing, as they represent irreducible terms. In fact, soundness is preserved by this restriction. Completeness, however, is only preserved in certain special cases, which we discuss next. 

We redefine the narrowing phase of normalization as follows: 

$$(\mathcal{R}, t, K, \emptyset, N \cup X \cup C, S) \vdash_N (\mathcal{R}, t, K, \emptyset, N \cup X \cup C, S')$$ 

if $(K, N, S) \vdash_S (K, N, S')$ and $(K, \emptyset, N \cup X \cup C)$ is a rewrite closure final state. Now the detection rule can be refined also. 

Refined-Detection: 

$$\frac{(\mathcal{R}, t, K, \emptyset, R, S)}{t^*}$$ 

if, assuming $R = N \cup X \cup C$, we have (i) $(K, N, S)$ is a narrowing final state, (ii) there is a $t^* \in \mathcal{T}(\Sigma)$ such that $t \to_R^{*} c \leftarrow_N^{*} t^*$, and (iii) none of the constants that appear in the derivation $t^* \to_N^{*} c$ occur in (as the first component in) any element of any set in $S$. 

Since we are narrowing with a restricted set $N$, we can also terminate if a narrowing phase produces no candidates for selection. 

Termination: 

$$\frac{(\mathcal{R}, t, K, \emptyset, R, A)}{\Omega}$$ 

if, assuming $R = N \cup X \cup C$, we have (i) the state $(K, \emptyset, R)$ is a rewrite closure final state, (ii) the state $(K, N, A)$ is a narrowing final state, and (iii) $\Omega = t^*$ if there is a $t^* \in \mathcal{T}(\Sigma)$ such that $t \to_R^{*} c \leftarrow_N^{*} t^*$; and $\Omega = \bot$, otherwise. 

Terminating in a state $\bot$ means that we output “no normal form of $t$ exists”. 



5.1 Normalization in Orthogonal Systems 

We first discuss normalization of terms with respect to so-called “orthogonal” rewrite systems. A rewrite system $\mathcal{R}$ is called orthogonal if (i) all its rewrite rules are left-linear (i.e., contain no multiple occurrences of the same variable in any left-hand side) and (ii) it is nonoverlapping (i.e., without critical pairs except trivial ones of the form $t \approx t$). We need the following well-known result [7]. 

Lemma 2. Every orthogonal term rewriting system is confluent. 

In addition, for orthogonal rewrite systems root reducibility of terms is preserved in the following sense. 

Lemma 3. Let $\mathcal{R}$ be an orthogonal system. Let $t$ be root reducible (by an instance of the rule $l \to r \in \mathcal{R}$) and also reducible to $t'$ at a non-root position by some rule in $\mathcal{R}$. Then $t'$ is root-reducible by an instance of the rule $l \to r$. 

Using the previous two lemmas, it can be shown that irrespective of the 
strategy chosen to select rewrite rule instances, the set of these instances is 
confluent, and persistent. Hence, we can conclude the following. 

Theorem 5. If $\mathcal{R}$ is an orthogonal rewriting system, then given any term and a fair strategy, the inference system outlined above finds its normal form with respect to $\mathcal{R}$, if one exists. 

5.2 Normalization in Convergent Systems 

In order to perform normalization of terms with respect to convergent systems, 
we need a strategy to ensure that normal form term will be eventually repre- 
sented and that the processed rule instances are persistent. Intuitively, for con- 
vergent systems, the normal form term will always eventually get represented 
under any strategy for choosing the next instance, as convergent systems are 
confluent and terminating. Using an innermost strategy allows us to satisfy per- 
sistence. 

Definition 6. Let $l\sigma \to r\sigma$ and $l'\sigma' \to r'\sigma'$ be two selectable instances (with respect to only the unmarked rules now). Say $l\sigma \to^{*} c$ and $l'\sigma' \to^{*} d$. An innermost strategy is one that makes sure that if there exists a term $t[c]$ containing $c$ such that $t[c] \to^{*} d$, then the rule $l\sigma \to r\sigma$ is chosen first. 

Lemma 4. Suppose that in a derivation, we choose the next instance to process using an innermost strategy. If we choose to process the instance $l\sigma \to r\sigma$ at some point, then for every proper subterm $t$ of $l\sigma$, there exists a constant $c$ such that $t \to_{N_i \cup C_i}^{*} c$ always eventually (assuming constants introduced earlier are smaller than constants introduced later). 

When $\mathcal{R}$ is convergent, by performing an induction on the number of applications of the selection rule, we can show that (i) an innermost strategy is unambiguous; (ii) the processed set of rules satisfies the persistence property whenever rules are chosen using an innermost strategy; (iii) the $R$-extension of the processed rules is convergent; and (iv) each new constant in normal form represents exactly one term in $\mathcal{T}(\Sigma)$ via $N$-rules. Once this result is proven, it is straightforward to establish the correctness result. 

Theorem 6. Let $\mathcal{R}$ be a convergent rewriting system. Then given any term, the inference system outlined above finds its normal form. 
6 Conclusion 



Normalization of terms by a given set of rewrite rules is critical for the efficient 
implementation of rewrite-based systems. Simple straight-line reduction methods 
can be made more efficient by incorporating a history of reduction steps into the 
normalization process, so as to avoid repeating similar rewrite steps. Chew 
adapted congruence closure techniques to obtain a practical 
non-oblivious normalization procedure. Chew’s procedure applies to orthogonal 
systems, but was refined and generalized by Verma and Ramakrishnan and by 
Verma. 

We have presented a general formalism, based on transformation rules, within which both Chew’s original method and variants thereof, as well as more general normalization procedures, can be described. The most comprehensive previous results were obtained by Verma, who specified several postulates on a (priority) rewrite relation, which suffice to ensure completeness of a rewrite closure-based procedure for normalization. The postulates that are relevant for standard rewrite relations imply that the given rewrite system be confluent and non-overlapping, which means that our results cover a broader class of rewrite systems. 

We believe that our approach sheds new light on the basic concepts underly- 
ing non-oblivious normalization in that it relates normalization methods to stan- 
dard term rewriting techniques, such as completion and narrowing. (For instance, 
our results seem to indicate that the concept of a “strong closure,” which plays 
a critical role in other completeness proofs, may not be intrinsic to non-oblivious 
normalization in general.) The transformation rules for the two basic components 
of non-oblivious normalization-congruence closure and narrowing-are essentially 
specialized versions of standard rules used to describe rewrite-based deduction 
and computation methods. Rules specific to non-oblivious normalization control 
the interface between the two components and the termination of the overall 
process. 

There are some similarities between these transformation rules and the “calculus 
of rewriting with sharing” designed by Sherman [9]. This calculus operates 
on relations that can be described by D-rules and C-rules, and employs several 
transformations rules, most of which can be derived from transformations used 
in completion. The calculus contains a rule similar to superposition, though sur- 
prisingly, its application is not obligatory. This may reflect the fact that Sherman 
uses his calculus to provide an equational semantics for an implementation of a 
symbolic computation system, but does not address issues such as termination 
or completeness. 



Acknowledgments. We would like to thank the anonymous reviewers for their 
helpful comments and for directing our attention to Sherman’s work. 







References 

[1] L. Bachmair. Canonical equational proofs. Birkhäuser, Boston, 1991.

[2] L. Bachmair and N. Dershowitz. Equational inference, canonical proofs, and proof
orderings. JACM, 41:236-276, 1994.

[3] L. P. Chew. An improved algorithm for computing with equations. In 21st Annual
Symposium on Foundations of Computer Science, 1980.

[4] L. P. Chew. Normal forms in term rewriting systems. PhD thesis, Purdue
University, 1981.

[5] N. Dershowitz and J. P. Jouannaud. Rewrite systems. In J. van Leeuwen, editor,
Handbook of Theoretical Computer Science (Vol. B: Formal Models and Semantics),
Amsterdam, 1990. North-Holland.

[6] D. Kapur. Shostak’s congruence closure as completion. In H. Comon, editor,
Proc. 8th Intl. RTA, pages 23-37, 1997. LNCS 1232, Springer, Berlin.

[7] J. W. Klop. Term rewriting systems. In S. Abramsky, D. M. Gabbay, and T. S. E.
Maibaum, editors, Handbook of Logic in Computer Science, volume 1, chapter 6,
pages 2-116. Oxford University Press, Oxford, 1992.

[8] G. Nelson and D. Oppen. Fast decision procedures based on congruence closure.
JACM, 27(2):356-364, 1980.

[9] D. J. Sherman and N. Magnier. Factotum: Automatic and systematic sharing
support for systems analyzers. In Proc. TACAS, LNCS 1384, 1998.

[10] R. M. Verma. A theory of using history for equational systems with applications.
JACM, 42:984-1020, 1995.

[11] R. M. Verma and I. V. Ramakrishnan. Nonoblivious normalization algorithms for
nonlinear systems. In Proc. of the Int. Colloquium on Automata, Languages and
Programming, New York, 1990. Springer-Verlag.




Test Sets for the Universal and Existential 
Closure of Regular Tree Languages 



Dieter Hofbauer and Maria Huber 

Universität GH Kassel, Fachbereich 17 Mathematik/Informatik,
D-34109 Kassel, Germany

{dieter,maria}@theory.informatik.uni-kassel.de



Abstract. Finite test sets are a useful tool for deciding the membership
problem for the universal closure of a given tree language, that is, for deciding
whether a term has all its ground instances in the given language.
A uniform test set for the universal closure must serve the following purpose:
In order to decide membership of a term, it is sufficient to check
whether all its test set instances belong to the underlying language.

A possible application, and our main motivation, is ground reducibility,
an essential concept for many approaches to inductive reasoning. Ground
reducibility modulo some rewrite system is membership in the universal
closure of the set of reducible ground terms. Here, test sets always
exist, and several algorithmic approaches are known. The resulting sets,
however, are often unnecessarily large.

In this paper we consider regular languages and linear closure operators.
We prove that universal as well as existential closure, defined analogously,
preserve regularity. By relating test sets to tree automata and to
appropriate congruence relations, we show how to characterize, how to
compute, and how to minimize ground and non-ground test sets. In particular,
optimal solutions now replace previous ad hoc approximations
for the ground reducibility problem.



1 Introduction 

Many approaches to inductive reasoning rely on the notion of ground reducibility, 
or inductive reducibility, in particular methods based on the so-called induction- 
less induction paradigm, see among many others. For a ‘rational 

reconstruction’ of the completion based versions as Noetherian induction on 
term orderings we refer to A recent application can be found 

in Q. 

A term is said to be ground reducible if all its ground instances are reducible. 
Ground reducibility was first shown decidable by Plaisted and Kapur, Naren- 
dran and Zhang {Q; they compute a finite ground test set depending on the 
term to be checked. Kounalis first proved the effective existence of finite uniform 
(non-ground) test sets, that is, test sets not depending on the input term 
cf. ^0^3, leading to the following ground reducibility check: A term is ground 
reducible if and only if all its test set instances are reducible. Several approaches 
for the construction of test sets for left-linear rewrite systems have been sug- 
gested, see among others. A recent inductive theorem prover based 

P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 205-^^| 1999. 

@ Springer-Verlag Berlin Heidelberg 1999 
on test sets is reported in An alternative to the test set approach is the
use of tree automata, in the non-linear case automata with constraints. For such
(non-uniform) automata see .

The universal closure operator introduced in this paper generalizes ground
reducibility, replacing the language of reducible ground terms by an arbitrary
tree language: A term belongs to the universal closure of a language if all its
ground instances belong to that language. Also for this more general problem
we introduce the notion of a test set. Using classical results from formal language
theory, we show how to compute and minimize finite ground or non-ground test
sets in the case where the underlying language is regular. This is general enough
to cover the computation of test sets for ground reducibility in the linear case.
Our main motivation to write this paper was to give a precise characterization
of test sets, rendering obsolete the race for smaller and smaller test sets. All
previously proposed approaches rely on concepts like tops, extensible positions,
expandedness etc. and therefore seem to be somewhat ad hoc in retrospect
as they only approximate optimal test sets. Those criteria, however, may still
be very useful when complexity issues matter, or when additional properties
(like completeness) are needed. Our contribution leads to a better understanding
of test sets and bridges the gap between test set based and automata based
approaches to ground reducibility.

Restricting ourselves to linear terms is less limiting than it seems at first 
glance when we are interested in functional constructor based rewrite systems. 
Consider a ground convergent system which is sufficiently complete and construc- 
tor preserving relative to some constructor part of the signature, and where the 
set of ground normal forms is regular. These assumptions are very natural for 
many applications. Then a strongly equivalent left-linear system can be com- 
puted (19 Sect. 7, cf. Q^l). 

After briefly describing the algebraic and the formal language background in
Sections 2 and 3 we introduce the universal and the existential closure operator
in Section 4 and prove that they preserve regularity. Ground test sets are treated
in Section 5.1, test sets with variables in Section 5.2. The interested reader is also referred to fj,
a more detailed version of this paper containing all proofs and some further
examples.

2 Term Monoids 

In order to describe the algebraic framework used in the sequel we begin with
fixing notations for terms and instantiation operations. Let $\Sigma$ be a one-sorted
first order signature where each symbol has a fixed arity, and let $T_\Sigma$ denote the
set of ground terms over $\Sigma$. When dealing with linear terms and their instances,
variable names are redundant. Only variable positions have to be indicated.
For this purpose we use the constant symbol □, assuming $\Box \notin \Sigma$. The set of
linear terms (or contexts) over $\Sigma$ then consists of terms possibly containing the
‘wildcard symbol’ □ and is denoted by $C_\Sigma = T_{\Sigma \cup \{\Box\}}$. We further write $T_\Sigma(n)$ and
$T_\Sigma[n]$ to denote terms with at most $n$ or exactly $n$ occurrences of □ respectively.
Hence $C_\Sigma = \bigcup_{n \ge 0} T_\Sigma[n]$ and $T_\Sigma[0] = T_\Sigma$; the set $T_\Sigma[1]$ corresponds to what is
called ‘special trees’ in and ‘pointed trees’ in . The basic concatenation
operation $\circ\colon T_\Sigma(1) \times T_\Sigma \to T_\Sigma$ is recursively defined by

$\Box \circ t = t, \qquad f(s_1, \ldots, s_n) \circ t = f(s_1 \circ t, \ldots, s_n \circ t).$

The same recursion equations naturally extend to an operation $\circ\colon C_\Sigma \times C_\Sigma \to C_\Sigma$.
Most important, however, is the extension $\circ\colon C_\Sigma \times \mathcal{P}C_\Sigma \to \mathcal{P}C_\Sigma$ to sets of terms¹
via

$\Box \circ T = T, \qquad f(s_1, \ldots, s_n) \circ T = f(s_1 \circ T, \ldots, s_n \circ T)$

using the operation $f(T_1, \ldots, T_n) = \{ f(t_1, \ldots, t_n) \mid t_i \in T_i \}$ for sets of terms $T_i$
from the power set term algebra; note that this gives $\{f\}$ for $n = 0$. Different
occurrences of □ may be instantiated by different terms, e.g., $f(\Box,\Box) \circ$ =

whereas $f(\Box,\Box) \circ t = f(t,t)$. Finally, we will use
$\circ\colon \mathcal{P}C_\Sigma \times \mathcal{P}C_\Sigma \to \mathcal{P}C_\Sigma$ with $S \circ T = \bigcup_{s \in S} s \circ T$.

If $R \subseteq C_\Sigma$ is the set of left-hand sides of a left-linear term rewrite system
then $\mathrm{Red}(R) = T_\Sigma[1] \circ R \circ T_\Sigma$ is the set of reducible ground terms. (In different
terminology, $\mathrm{Red}(R)$ is the set of ground terms encompassing some term from
$R$.) Its complement $\mathrm{Nf}(R) = T_\Sigma \setminus \mathrm{Red}(R)$ contains the corresponding
irreducible ground terms, or ground normal forms. The sets $\mathrm{RED}(R)$ and $\mathrm{NF}(R)$
consist of all $R$-reducible and $R$-irreducible terms from $C_\Sigma$ respectively. The
following two examples will be reconsidered later.

Example 1 (1) Addition of naturals modulo $n > 0$ is specified by the rewrite
system

$x + 0 \to x, \qquad x + s(y) \to s(x + y), \qquad s^n(x) \to x$

over signature $\Sigma = \{0, s, +\}$. The set of left-hand side patterns in our setting is
$R_1 = \{\Box + 0,\ \Box + s(\Box),\ s^n(\Box)\}$. Here $\mathrm{Nf}(R_1) = \{ s^i(0) \mid i < n \}$, so $\mathrm{Red}(R_1)$ consists
of all ground terms containing the symbol $+$ together with $\{ s^i(0) \mid i \ge n \}$.

(2) Let $R_2 = \{ g(h^i(a)) \mid 1 \le i \le n \} \cup \{ h(g(a)) \}$ over $\Sigma = \{a, g, h\}$ for
some $n > 1$. Then $\mathrm{Red}(R_2)$ consists of all ground terms containing both $g$ and
$h$, so $\mathrm{Nf}(R_2) = \{ g^i(a), h^i(a) \mid i \ge 0 \}$.

Monoid structures play an important role in this setting. The most prominent
one is $(T_\Sigma(1), \circ, \Box)$; it has $(T_\Sigma[1], \circ, \Box)$ as a submonoid. A monoid for term
sets is $(\mathcal{P}C_\Sigma, \circ, \{\Box\})$; it has $(\{\{t\} \mid t \in T_\Sigma(1)\}, \circ, \{\Box\})$ as a submonoid, which is
isomorphic to $(T_\Sigma(1), \circ, \Box)$. Slightly more general algebraic structures (left-semimodules,
or ‘automata’) are needed when handling the heterogeneous
operation $\circ\colon C_\Sigma \times \mathcal{P}C_\Sigma \to \mathcal{P}C_\Sigma$. We will not go into details here, however.



¹ By $\mathcal{P}S$ we denote the power set of a set $S$.
3 Regular Tree Languages



Regularity of tree languages can be characterized in various ways; see
among others. We will use tree automata, tree grammars, and congruence
relations in the sequel.

A (finite bottom-up) tree automaton $\mathcal{A}$ is a finite rewrite system over $\Sigma \cup Q$
where $\Sigma$ is the terminal signature and $Q$ is a set of constants disjoint to $\Sigma$,
called states. Rules have the form $f(X_1, \ldots, X_n) \to Y$ with $X_1, \ldots, X_n, Y \in Q$,
$f \in \Sigma$ of arity $n$. The language accepted by $\mathcal{A}$ in $F \subseteq Q$ (the accepting states) is

$L(\mathcal{A}) = \{ t \in T_\Sigma \mid \exists X \in F\colon t \to^*_{\mathcal{A}} X \}.$

A regular tree grammar $\mathcal{G}$ is a finite rewrite system over $\Sigma \cup N$ where $\Sigma$ is
the terminal signature and $N$ is a set of constants disjoint to $\Sigma$, called
non-terminals. Rules have the form $X \to t$ with $X \in N$, $t \in T_{\Sigma \cup N}$. The language
generated by $\mathcal{G}$ from $S \subseteq N$ (the starting symbols) is

$L(\mathcal{G}) = \{ t \in T_\Sigma \mid \exists X \in S\colon X \to^*_{\mathcal{G}} t \}.$

Without changing the definition of $L(\mathcal{G})$ we can more generally allow arbitrary
ground rewrite rules, i.e., rules of the form $s \to t$ with $s, t \in T_{\Sigma \cup N}$, without
leaving the class of regular tree languages.



Let $R \subseteq C_\Sigma$ be a finite set of linear terms. Consider the regular tree grammar
consisting of all rules according to one of the schemes

$X \to f(\Box, \ldots, \Box, X, \Box, \ldots, \Box), \qquad X \to t, \qquad \Box \to f(\Box, \ldots, \Box)$

for $t \in R$, $f \in \Sigma$. Choosing $\{X, \Box\}$ as non-terminals and $X$ as the only starting
symbol, the grammar generates $\mathrm{Red}(R)$. (Note that the grammar generates $T_\Sigma$
from □.) If instead we choose $\Sigma \cup \{\Box\}$ as terminal signature and $X$ as the only
nonterminal then the same ground rewrite system² generates (from $X$) $\mathrm{RED}(R)$.

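An algebraic characterization of regularity can be based on ‘observational
equivalence’ of terms or contexts w.r.t. membership in a given tree language.
For a set $L \subseteq T_\Sigma$ define equivalence relations $\sim_{\in L}$ on $T_\Sigma$ and on $T_\Sigma(1)$ by

$t \sim_{\in L} t'$ iff $\forall s \in T_\Sigma(1)\colon\ s \circ t \in L \Leftrightarrow s \circ t' \in L,$

$s \sim_{\in L} s'$ iff $\forall t \in T_\Sigma\colon\ s \circ t \in L \Leftrightarrow s' \circ t \in L.$

These ‘syntactic’ equivalence relations are left and right congruences respectively
in the sense that $t \sim_{\in L} t'$ implies $s \circ t \sim_{\in L} s \circ t'$ for all $s \in T_\Sigma(1)$ and that
$s \sim_{\in L} s'$ implies $s \circ t \sim_{\in L} s' \circ t$ for all $t \in T_\Sigma(1)$.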



² Which is not a grammar since the rules $\Box \to \ldots$ rewrite a terminal symbol.
Example 2 (Example 1 cont’d) (1) For $L = \mathrm{Red}(R_1)$ we get that $s^i(0)$
and $s^j(0)$, $i, j < n$, are left congruent if and only if $i = j$. Indeed, for
$i < j$ the context $s^{n-j}(\Box)$ separates these terms as $s^{n-j}(\Box) \circ s^i(0) \notin L$
and $s^{n-j}(\Box) \circ s^j(0) \in L$. In general, all reducible ground terms form a
class themselves, separated from irreducible terms by the ‘empty’ context □.
Thus the left congruence classes are $\mathrm{Red}(R_1)$, $\{s^{n-1}(0)\}$, …, $\{0\}$. Analogously,
the right congruence classes are the set $A_1$ of all terms in $T_\Sigma(1)$ containing $+$ or
being reducible, and the sets $\mathrm{Nf}(R_1)$, $\{\Box\}$, …, $\{s^{n-1}(\Box)\}$. All tables in the rest
of the paper are to be understood in the following way: columns refer to left
congruence classes (or representatives) and rows to right congruence classes (or
representatives) respectively. A plus-entry in row $s$ and column $t$ means
$s \circ t \in L$, a minus-entry means $s \circ t \notin L$.

               Red(R_1)   s^{n-1}(0)   ...   s(0)   0
  A_1             +           +         +     +     +
  Nf(R_1)         -           -         -     -     -
  □               +           -         -     -     -
  s(□)            +           +         -     -     -
  ...             +           +        ...    -     -
  s^{n-1}(□)      +           +         +     +     -

(2) It is not difficult to verify that $L = \mathrm{Red}(R_2)$ yields the left congruence classes
$\mathrm{Red}(R_2)$, $\{a\}$, $\{ g^i(a) \mid i \ge 1 \}$, $\{ h^i(a) \mid i \ge 1 \}$, and the right congruence classes
$A_2 = \mathrm{RED}(R_2) \cup \{ g^i(h^j(\Box)) \mid i \ge 1,\ 1 \le j \le n \}$,
$\mathrm{Nf}(R_2)$, $\{\Box\}$, $\{ g^i(\Box) \mid i \ge 1 \}$, $\{ h^i(\Box) \mid i \ge 1 \}$. Note that the index, i.e., the number of
congruence classes, depends neither on the size of the underlying term set nor on
the depth of its terms in this example.

               Red(R_2)   a   g(a)   h(a)
  A_2             +       +    +      +
  Nf(R_2)         -       -    -      -
  □               +       -    -      -
  g(□)            +       -    -      +
  h(□)            +       -    +      -

We conclude by summarizing the characterizations of regularity mentioned
above.

Theorem 1 For $L \subseteq T_\Sigma$ the following properties are equivalent:

(1) $L$ is accepted by a tree automaton. (2) $L$ is generated by a regular tree grammar.
(3) $L$ is generated by a finite ground rewrite system. (4) $\sim_{\in L}$ on $T_\Sigma$ has finite
index. (5) $\sim_{\in L}$ on $T_\Sigma(1)$ has finite index.


4 Universal and Existential Closure 

In this section we introduce the universal and the existential closure operator 
and prove as a main result that they preserve regularity. 

Definition 1 The universal closure $L^\forall \subseteq C_\Sigma$ of a tree language $L \subseteq T_\Sigma$ consists
of those terms that have all their ground instances in $L$, that is

$s \in L^\forall$ iff $s \circ T_\Sigma \subseteq L.$

Equivalently, $s \in L^\forall$ if and only if $\forall t \in s \circ T_\Sigma\colon t \in L$. Analogously we define
the existential closure $L^\exists \subseteq C_\Sigma$ of $L$ as the set of terms that have some ground
instance in $L$, that is $s \in L^\exists$ if and only if $\exists t \in s \circ T_\Sigma\colon t \in L$, or (with $\overline{L} = T_\Sigma \setminus L$)

$s \in L^\exists$ iff $s \circ T_\Sigma \not\subseteq \overline{L}.$

Example 3 Linear propositional formulas are terms over the signature $\{\neg, \vee, \wedge,
\mathit{true}, \mathit{false}, \Box\}$. When $L$ is the set of all ground formulas whose value (under the
natural interpretation) is true then $L^\forall$ is the set of tautologies whereas $L^\exists$ is the
set of satisfiable formulas.

If $L$ is equal to $\mathrm{Red}(R)$ for some set $R \subseteq C_\Sigma$ then $L^\forall$ is the set of (linear)
ground reducible terms w.r.t. $R$, that is, it contains those terms that have
$R$-reducible ground instances only.

Example 4 (Example 1 cont’d) The set $\mathrm{Red}(R_1)^\forall$ of ground reducible terms
w.r.t. $R_1$ consists of $\mathrm{RED}(R_1)$ together with all terms in $C_\Sigma$ containing the symbol
$+$, a ‘defined’ symbol in the given specification. And $\mathrm{Red}(R_2)^\forall$ is the set of all
terms that contain both $g$ and $h$.

Theorem 2 The following properties are equivalent: (1) $L$ is a regular subset
of $T_\Sigma$. (2) $L^\forall$ is a regular subset of $C_\Sigma$. (3) $L^\exists$ is a regular subset of $C_\Sigma$.

Proof. Regularity of $L^\forall$ or $L^\exists$ directly implies regularity of $L$ since $L^\forall \cap T_\Sigma =
L^\exists \cap T_\Sigma = L$ and $T_\Sigma$ is a regular subset of $C_\Sigma$.

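To show that (1) implies (2) and (3) let $\mathcal{A}$ be an arbitrary, possibly
non-deterministic, tree automaton over $\Sigma$ accepting $L$. Let $Q$ be its set of states
and let $F \subseteq Q$ be the set of accepting states. In order to fix notations, let
$\mathcal{A}(t) = \{ X \in Q \mid t \to^*_{\mathcal{A}} X \}$ and $\mathcal{A}(T) = \bigcup_{t \in T} \mathcal{A}(t)$ for $t \in T_{\Sigma \cup Q}$ and $T \subseteq T_{\Sigma \cup Q}$.
Without loss of generality we assume that $\mathcal{A}$ is complete and that all states
are accessible, i.e., for any $X \in Q$ there is a ground term $t$ with $X \in \mathcal{A}(t)$, or
equivalently $\mathcal{A}(T_\Sigma) = Q$.

The basic observation is that a term $s \in C_\Sigma$ is in $L^\forall$ if and only if all terms
in $s \circ Q$ are accepted by $\mathcal{A}$. Similarly, $s$ is in $L^\exists$ if and only if some term in $s \circ Q$
is accepted by $\mathcal{A}$.

Using $\mathcal{A}(T_\Sigma) = Q$ we get $\mathcal{A}(s \circ T_\Sigma) = \mathcal{A}(s \circ \mathcal{A}(T_\Sigma)) = \mathcal{A}(s \circ Q)$, and therefore

$s \in L^\forall$ iff $s \circ T_\Sigma \subseteq L$ iff $\mathcal{A}(s \circ T_\Sigma) = \mathcal{A}(s \circ Q) \subseteq F$

in the case where $\mathcal{A}$ is deterministic³, and

$s \in L^\exists$ iff $s \circ T_\Sigma \cap L \neq \emptyset$ iff $\mathcal{A}(s \circ T_\Sigma) \cap F = \mathcal{A}(s \circ Q) \cap F \neq \emptyset$

for arbitrary $\mathcal{A}$. Now, for $P \subseteq Q$, define the automaton

$\mathcal{A}[P] = \mathcal{A} \cup \{ \Box \to X \mid X \in P \}$

over $\Sigma \cup \{\Box\}$ and let $\mathcal{B}[P]$ be the standard power-set automaton for $\mathcal{A}[P]$. (We
get the same automaton $\mathcal{B}[P]$ when we first construct the power-set automaton
for $\mathcal{A}$ and then add the single rule $\Box \to P$.) By construction, $\mathcal{B}[P]$ is deterministic
and complete; for $s \in C_\Sigma$ we write $\mathcal{B}[P](s) = S$ for $S \subseteq Q$ in case $s \to^*_{\mathcal{B}[P]} S$. We
conclude by proving that $L^\forall$ and $L^\exists$ are accepted by $\mathcal{B}[Q]$ and $\mathcal{A}[Q]$ respectively:

(i) $L(\mathcal{B}[Q]) = L^\forall$ with $\{ S \subseteq Q \mid \forall X \in S\colon X \in F \} = \mathcal{P}F$ as set of accepting
states if $\mathcal{A}$ is deterministic,

(ii) $L(\mathcal{A}[Q]) = L^\exists$ with $F$ as set of accepting states, hence
$L(\mathcal{B}[Q]) = L^\exists$ with $\{ S \subseteq Q \mid \exists X \in S\colon X \in F \}$ as set of accepting states.

Indeed, $\mathcal{A}(s \circ P) = \mathcal{A}[P](s) = \mathcal{B}[P](s)$ implies $s \in L^\forall$ iff $\mathcal{A}[Q](s) = \mathcal{B}[Q](s) \subseteq F$
for deterministic $\mathcal{A}$, which proves (i), and $s \in L^\exists$ iff $\mathcal{A}[Q](s) \cap F = \mathcal{B}[Q](s) \cap F \neq \emptyset$
for arbitrary $\mathcal{A}$, which proves (ii). □

³ Note that determinism of $\mathcal{A}$ is used for the implication from $s \circ T_\Sigma \subseteq L$ to
$\mathcal{A}(s \circ T_\Sigma) \subseteq F$.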

For studying non-ground test sets in Section 5.2 we have to generalize the
above closure operators to non-ground languages $L \subseteq C_\Sigma$. Note, however, that
already the ground part of $L$ determines $L^\forall$ since $L^\forall = (L \cap T_\Sigma)^\forall$. The above
theorem then reads as follows:

$L \cap T_\Sigma$ is regular iff $L^\forall$ is regular iff $L^\exists$ is regular.

Another reason to consider non-ground languages is to obtain closure operators
in the proper sense. Now universal closure is idempotent (i.e., $(L^\forall)^\forall = L^\forall$),
monotone (i.e., $L_1 \subseteq L_2$ implies $L_1^\forall \subseteq L_2^\forall$) and, under the additional assumption
that $L$ is closed under ground substitutions ($L \circ T_\Sigma \subseteq L$), also extensive (i.e.,
$L \subseteq L^\forall$). For instance, languages of the form $\mathrm{RED}(R)$ are closed under ground
substitutions. The same remarks hold for existential closure as well.

5 Test Sets 

By definition, a term is in the universal closure of a tree language $L$ if all its
ground instances are members of $L$. Instead of checking the typically infinite
set of all ground instances it often suffices to check a smaller number of instances,
preferably finitely many. Additionally we want the set of terms that is
used for instantiations to be uniform for $L$, that is, independent of the term
under consideration. Such a set is said to be a test set for the universal closure
of $L$. Analogously we define test sets for the existential closure. The following
definition is general enough to capture non-ground test sets.

Definition 2 A set of terms $T \subseteq C_\Sigma$ is a test set for the universal closure of
$L \subseteq C_\Sigma$ if, for all $s \in C_\Sigma$,

$s \in L^\forall$ iff $s \circ T \subseteq L,$

and $T$ is a test set for the existential closure of $L$ if, for all $s \in C_\Sigma$,

$s \in L^\exists$ iff $s \circ T \not\subseteq \overline{L}$

with $\overline{L} = C_\Sigma \setminus L$. In both cases, $T$ is a ground test set if $T \subseteq T_\Sigma$.

Example 5 (Example 1 (1) cont’d) Standard approaches from the literature yield
$\mathrm{Nf}(R_1)$ of cardinality $n$ as a test set. We will show in Example 6 (1) that in fact
a singleton test set is sufficient.

Membership in $L^\forall$ and $L^\exists$ respectively becomes decidable if a finite test
set effectively exists. In Section 5.1 we show how to characterize and how to
compute (minimal) finite ground test sets in case $L$ is regular. Perhaps surprising
at first glance, finite ground test sets might exist even for non-regular $L$. In
general, however, finite ground test sets do not exist in the non-regular case.
This is possible, for instance, for non-regular languages of the form $L = \mathrm{Red}(R)$,
whereas for languages $L = \mathrm{RED}(R)$ it is known that finite (non-ground) test sets
always exist. Section 5.2 deals with non-ground test sets for regular languages.
We explain why non-ground test sets can often be smaller than any ground test
set, and again show how to obtain such sets.

5.1 Ground Test Sets 

A set of ground terms $T$ is a test set for the universal closure of a language
$L \subseteq T_\Sigma$ if $s \circ T_\Sigma \subseteq L$ is equivalent to $s \circ T \subseteq L$ for any $s \in C_\Sigma$. In particular, the
set $T_\Sigma$ of all ground terms is always a trivial test set. A general characterization
of ground test sets can be given in terms of the equivalence relation $\sim_{\subseteq L}$ on
$\mathcal{P}T_\Sigma$ defined by

$T \sim_{\subseteq L} T'$ iff $\forall s \in C_\Sigma\colon\ s \circ T \subseteq L \Leftrightarrow s \circ T' \subseteq L.$

(Note that this is a left congruence in the sense that $T \sim_{\subseteq L} T'$ implies $S \circ T \sim_{\subseteq L}
S \circ T'$ for any set $S \subseteq C_\Sigma$.) Then $T$ is a ground test set for the universal closure
of $L$ if and only if

$T \sim_{\subseteq L} T_\Sigma.$

It turns out that we can replace quantification over all terms in the definition
of $\sim_{\subseteq L}$ by quantification over the much simpler set of terms with at most one
variable. Defining on $\mathcal{P}T_\Sigma$ by

iff $\forall s \in T_\Sigma(1)\colon\ s \circ T \subseteq L \Leftrightarrow s \circ T' \subseteq L,$

we get that both congruence relations are identical. Stated differently, test sets
for $L^\forall(1) = L^\forall \cap T_\Sigma(1)$ are already test sets for $L^\forall$. When looking for ground test
sets it therefore suffices to consider contexts with one variable only (as proven
in Q).

Lemma 1 The congruences $\sim_{\subseteq L}$ and on $\mathcal{P}T_\Sigma$ coincide.

As a further characterization, we establish a bijection between ground test
sets on the one hand and certain automata on the other. For regular $L$ let the
automata $\mathcal{A}$ and $\mathcal{B}$ be as in the proof of Theorem 2 and assume $\mathcal{A}$ to be complete
and deterministic. Now there is a direct connection between ground term sets $T$
and state sets $P \subseteq Q$. Suppose $\mathcal{A}(T)$ equals $P$. Then the automaton $\mathcal{B}[P]$ accepts
$L^\forall$ (in $\mathcal{P}F$ as before) if and only if $T$ is a test set for the universal closure
of $L$. This can be read in two directions: Given a test set $T$, the automaton
$\mathcal{B}[\mathcal{A}(T)]$ accepts $L^\forall$. Conversely, given an automaton $\mathcal{B}[P]$ accepting $L^\forall$, any set
$T$ proving the accessibility of $P$ in $\mathcal{A}$ is a test set. Minimal test sets, in particular,
correspond to minimal such sets of states with exactly the same cardinality. The
proof of the following theorem can be found in .

Theorem 3 (Characterizing ground test sets) Let $L \subseteq T_\Sigma$ be regular, let
$\mathcal{A}$ be a deterministic automaton with states $Q$ accepting $L$, and let $\mathcal{B}$ be defined
as in the proof of Theorem 2. For $T \subseteq T_\Sigma$ and $P \subseteq Q$ with $P = \mathcal{A}(T)$ the
following properties are equivalent: (1) $T$ is a test set for the universal closure of
$L$. (2) $T \sim_{\subseteq L} T_\Sigma$. (3) $\mathcal{B}[P]$ accepts $L^\forall$ in $\mathcal{P}F$. Analogously, with $\overline{L} = T_\Sigma \setminus L$ the
following properties are equivalent: (1) $T$ is a test set for the existential closure
of $L$. (2) $T \sim_{\subseteq \overline{L}} T_\Sigma$. (3) $\mathcal{A}[P]$ accepts $L^\exists$ in $F$.

The left congruence $\sim_{\in L}$ on $T_\Sigma$ and the left congruence $\sim_{\subseteq L}$ on $\mathcal{P}T_\Sigma$ are
directly related by

$t \sim_{\in L} t'$ iff $L/t = L/t'$ and $T \sim_{\subseteq L} T'$ iff $L/T = L/T'$

for $t, t' \in T_\Sigma$, $T, T' \subseteq T_\Sigma$ using the quotients

$L/t = \{ s \in T_\Sigma(1) \mid s \circ t \in L \}$ and $L/T = \bigcap_{t \in T} L/t.$

Therefore $\sim_{\in L}$ on $T_\Sigma$ has finite index if and only if
$\sim_{\subseteq L}$ on $\mathcal{P}T_\Sigma$ has finite index if and only if $L \subseteq T_\Sigma$ is regular.

Another consequence is $T_\Sigma \sim_{\subseteq L} T$ for any set $T$ of representatives for $\sim_{\in L}$,
hence those sets are test sets. Typically, however, much smaller test sets exist as
shown by the examples below.

Theorem 4 Each set of representatives for $\sim_{\in L}$ on $T_\Sigma$ is a ground test set for
the universal and the existential closure of $L$. Therefore, finite ground test sets
always exist for the universal and the existential closure of regular languages.

We can interpret these observations in terms of tables as used in Example 2.
First note that computing this kind of tables amounts to figuring out finite sets of
representatives for $\sim_{\in L}$ on $T_\Sigma$ and $\sim_{\in L}$ on $T_\Sigma(1)$ respectively; this is possible
just for regular $L$. Now, a term $s$ is in $L^\forall(1)$ if and only if the corresponding
row contains no minus-entry. (Thus $L^\forall(1)$ is always a single right class.) More
generally, checking $T \sim_{\subseteq L} T'$ amounts to collecting rows that have a minus-entry
below some term from $T$ and $T'$ respectively, and to checking whether the two
collections are equal. Hence $T$ is a test set for the universal closure if and only
if the corresponding columns ‘cover’ all existing minus-entries.
Theorem 5 It is decidable whether a given finite (or more general, regular) set
of ground terms is a test set for the universal or existential closure of a given
regular language.

Ground supersets of ground test sets are test sets as well. Therefore we are
interested in minimal test sets w.r.t. set inclusion, or in optimal test sets, that
is, test sets of least cardinality. Finding a minimal test set in this way amounts
to solving a minimum cover problem which is NP-complete in general. Note
that we can also minimize arbitrary given ground test sets in the same manner.

Theorem 6 Optimal ground test sets for the universal and the existential closure
of regular tree languages effectively exist. Minimality of a given ground test
set is decidable.



Example 6 (Example 2 cont’d) (1) For $L = \mathrm{Red}(R_1)$ we obtain $L^\forall(1) = A_1$, since
the row for $A_1$ contains only plus-entries. Although the set of representatives has
cardinality $n+1$, a singleton test set exists: The set $\{0\}$ is the only minimal (thus
optimal) test set for the universal closure of $L$ since the minus-entries of the last
column cover the minus-entries of any other column, that is, $\{0\} \sim_{\subseteq L} T_\Sigma$.
(2) For $L = \mathrm{Red}(R_2)$ we get $L^\forall(1) = A_2$. In this example, two different minimal
test sets exist (relative to the representatives chosen):

$\{a\} \sim_{\subseteq L} \{g(a), h(a)\} \sim_{\subseteq L} T_\Sigma$

shows that $\{a\}$ as well as $\{g(a), h(a)\}$ is a possible ground test set and it is easy
to see that both are minimal. The only optimal ground test set is $\{a\}$.
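
The checks behind Theorem 2 (membership in the universal closure) and Theorem 5 (deciding the ground test set property), as an added Python example that is not code from the paper. It uses the reduction to one-hole contexts stated before Lemma 1: such contexts induce only finitely many state maps of a complete deterministic automaton, so the condition can be enumerated. The tuple encoding of terms, the state names and the two hand-built automata for the languages Red(R_1) (with n = 3) and Red(R_2) as described in Example 1 are assumptions of this example.

```python
from itertools import product

HOLE = "□"  # the wildcard constant; terms are nested tuples such as ("s", ("0",))


class TreeAutomaton:
    """Complete deterministic bottom-up tree automaton A with accepting states F."""

    def __init__(self, delta, final):
        self.delta = delta                      # (symbol, tuple of states) -> state
        self.final = frozenset(final)
        self.states = self._accessible()        # Q = A(T_Sigma)

    def _accessible(self):
        acc = set()
        while True:
            new = {q for (_, args), q in self.delta.items() if set(args) <= acc}
            if new <= acc:
                return frozenset(acc)
            acc |= new

    def run(self, term, hole_states):
        """A(s o P): states reachable when every hole is read as any state in P."""
        if term == HOLE:
            return frozenset(hole_states)
        arg_sets = [self.run(arg, hole_states) for arg in term[1:]]
        return frozenset(self.delta[(term[0], c)] for c in product(*arg_sets))

    def in_universal_closure(self, term):
        """s is in the universal closure of L iff A(s o Q) is a subset of F."""
        return self.run(term, self.states) <= self.final

    def context_maps(self):
        """State maps Q -> Q induced by all one-hole contexts (a finite set)."""
        qs = sorted(self.states)
        seen, todo = {tuple(qs)}, [tuple(qs)]   # start from the empty context
        while todo:
            f = todo.pop()
            for (sym, args) in self.delta:
                if not set(args) <= self.states:
                    continue
                for i in range(len(args)):      # wrap the context in sym at slot i
                    g = tuple(self.delta[(sym, args[:i] + (x,) + args[i + 1:])]
                              for x in f)
                    if g not in seen:
                        seen.add(g)
                        todo.append(g)
        return qs, seen

    def is_ground_test_set(self, ground_terms):
        """T fails iff some one-hole context maps A(T) into F but not all of Q."""
        p = set().union(*(self.run(t, ()) for t in ground_terms))
        qs, maps = self.context_maps()
        for f in maps:
            image_of_p = {f[k] for k, q in enumerate(qs) if q in p}
            if image_of_p <= self.final and not set(f) <= self.final:
                return False
        return True


def red_r1(n):
    """Automaton for Red(R_1): terms containing + or of the form s^i(0), i >= n."""
    nf = [f"s{i}" for i in range(n)]            # state s{i} recognises s^i(0), i < n
    qs = nf + ["R"]                             # R recognises the reducible terms
    delta = {("0", ()): "s0"}
    for i, q in enumerate(qs):
        delta[("s", (q,))] = nf[i + 1] if i + 1 < n else "R"
    for pair in product(qs, repeat=2):
        delta[("+", pair)] = "R"
    return TreeAutomaton(delta, final={"R"})


def red_r2():
    """Automaton for Red(R_2): ground terms containing both g and h."""
    delta = {("a", ()): "A"}
    delta.update({("g", (q,)): r for q, r in zip("AGHR", "GGRR")})
    delta.update({("h", (q,)): r for q, r in zip("AGHR", "HRHR")})
    return TreeAutomaton(delta, final={"R"})


if __name__ == "__main__":
    a1, a2 = red_r1(3), red_r2()
    print(a1.is_ground_test_set([("0",)]))                      # Example 6 (1)
    print(a2.is_ground_test_set([("g", ("a",)), ("h", ("a",))]))  # Example 6 (2)
```
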



Example 7 Consider the schematic examples given in Figures (a)-(c) where
$T_0 = \{t_1, \ldots, t_n\}$ is a set of representatives for the left congruence on $T_\Sigma$. The
singleton $\{t_n\}$ is the unique minimal test set (relative to $T_0$) in example (a). For
(b) any two element subset of $T_0$ is a minimal test set. And $T_0$ is the unique
minimal test set in example (c); note that here $T \sim_{\subseteq L} T'$ holds if and only if
$T = T'$ for $T, T' \subseteq T_0$. All three schemes have instances of the form $L = \mathrm{Red}(R)$
with finite linear $R$. For the sake of simplicity we left out the right class $L^\forall(1)$ in
(b) and (c).
We conclude this section with two remarks on ground test sets for non-regular
languages.

(I) Finite ground test sets might exist also for the universal closure of
non-regular languages, i.e., even in case the set of representatives for the left
congruence is infinite (for an example see ). This shows that Theorem 4 cannot be
extended to a characterization of regularity. Interestingly, our example is again a
language of the form $\mathrm{Red}(R)$ with finite $R$. In this case, however, $R$ is necessarily
non-linear.

(II) One might conjecture that finite ground test sets exist for the universal
closure of any language of the form $\mathrm{Red}(R)$ where $R$ is an arbitrary (linear or
non-linear) finite set. Indeed, finite non-ground test sets can always be effectively
obtained for this class of languages . However, we cannot dispense with
the generalization to non-ground test sets (again, see Q for an example).

5.2 Non-ground Test Sets 

In connection with ground reducibility, usually test sets with variables are
considered. They are guaranteed to exist (also in the non-regular case), and variables
are indispensable when additional properties, e.g. completeness⁴, are required.
Furthermore, allowing variables often leads to smaller test sets.

The idea underlying the use of non-ground test sets is to test membership of
test set instances relative to a superset of $L$. Since we cannot extend $L$ by ground
terms without changing its universal closure, we add terms over an enlarged
signature instead. Here we consider the case where the constant symbol □ is
added to $\Sigma$; this gives ‘test sets with variables’ as studied in the literature on
ground reducibility. Let $L \subseteq T_\Sigma$ as before and choose any set $M \subseteq C_\Sigma$ with

$L \subseteq M \subseteq L^\forall.$

Thus $L = M \cap T_\Sigma$ and therefore the universal closure of $L$ and $M$ coincide since
then $L^\forall = (M \cap T_\Sigma)^\forall = M^\forall$. In this setting, we call $T \subseteq C_\Sigma$ a test set for the
universal closure of $M$ if, for any $s \in C_\Sigma$,

$s \in M^\forall$ iff $s \circ T \subseteq M. \qquad (1)$

A good choice for $M$ might be a set which is as large as possible, and at the
same time simple enough to make membership for $M$ easily decidable, i.e., a
regular set. The two extremes, however, don’t make much sense: For $M = L$ we
are back to the ground case, and for $M = L^\forall$ we don’t gain anything as with the
singleton test set $T = \{\Box\}$ condition (1) becomes a tautology. In all examples
of this section we choose $L = \mathrm{Red}(R)$ and $M = \mathrm{RED}(R)$ for the respective set $R$.

First we restrict our attention to terms with at most one variable. Consider
the schematic example below where the ground part of the table (cf. Example 7 (c))
is enriched by three non-ground columns, i.e., we assume $s_i \in T_\Sigma(1)$,
$t_i \in T_\Sigma$, $c_i \in C_\Sigma$. Now a plus-entry stands for membership in $M$.

⁴ $T \subseteq C_\Sigma$ is said to be complete for $R$ if $\mathrm{Nf}(R) \subseteq T \circ T_\Sigma$.

Here the ground test set $\{t_1, \ldots, t_n\}$ of cardinality $n$ can be replaced by a test
set with two elements, namely $\{c_1, c_2\}$, as these two terms cover all minus-entries
in the ground part. It is important to note that $c_2$ cannot be replaced by $c_3$ in
this test set, and $c_3$ is not even allowed in any test set; although $\{c_1, c_3\}$ covers
all minus-entries, it also introduces new ones, thereby losing the test set
property: $s_0 \in M^\forall$ but $s_0 \circ c_3 \notin M$.

In particular, this example shows that in the non-ground case the property of
being a test set is not preserved in general when we go from sets to supersets.

Example 8 (Singleton non-ground sets) Let $R = \{g(a), h(b), g(h(a)), h(g(a))\}$
over $\Sigma = \{a, b, g, h\}$. For the corresponding left and right classes in the table we
use the notations $g^*(t) = \{ g^i(t) \mid 0 \le i \}$ and $g^+(t) = \{ g^i(t) \mid 0 < i \}$. An optimal
ground test set is $\{b, a\}$, whereas we can choose $\{\Box\}$ as an optimal non-ground
test set. The example is rather special as ground reducibility coincides with
reducibility, that is, $\mathrm{RED}(R)^\forall = \mathrm{RED}(R)$. Note that this is the case if and only if the
singleton $\{\Box\}$ suffices as a test set.

As in the previous section we can characterize also non-ground test sets in
terms of congruences. For this purpose we replace $\sim_{\subseteq L}$ by the left congruence
$\sim_{\subseteq M}$ on $\mathcal{P}C_\Sigma$ where, for $T, T' \subseteq C_\Sigma$, $T \sim_{\subseteq M} T'$ is defined to be equivalent to
$\forall s \in C_\Sigma\colon\ s \circ T \subseteq M \Leftrightarrow s \circ T' \subseteq M$.

Theorem 7 (Characterizing non-ground test sets) Let $M \subseteq C_\Sigma$. A set
$T \subseteq C_\Sigma$ is a test set for the universal closure of $M$ if and only if $T \sim_{\subseteq M} T_\Sigma$.

Unfortunately, in contrast to the ground case, test sets $T$ for $M^\forall(1)$ are not
necessarily test sets for $M^\forall$. They may cheat in every possible sense: In “$s \in M^\forall$
iff $s \circ T \subseteq M$” neither the ‘if’ nor the ‘only if’ implication holds in general.

Example 9 (Test sets for one-variable terms are not always general test sets) 

(1) Consider R= {/(a, □),/(□, a), /(□,/(□,□)),/(/(□,□), □)} over E = {a,f}. 
Then Nf(R) = Ce \ Red(R) = {a, □, /(□,□)} and Nf(i?) = {a}. Here, for 
terms in 17i;(l) ground reducibility is equivalent to reducibility, and test sets for 
Red(R)'^(1) are {a}, {□}, and {/(□,□)}, for instance. But T = {□} is not a 
test set for Red(R)^ since 

/(□,□) G Red(R)'^ but /(□,□) o T ={/(□,□)} 2 Red(R). 

(2) Let R = {h{a), h{h{a)), h{f{a, □)), f{h{a), /i(n)), /(□, /(□, □)), /(/(□,□),□)} 
over E = {a,h,f}. Then Nf(i?) = {a, f{a, a)} and Nf(R) = {a, h{o), f{a, a), 
/(□, □), /(a, f{h{a), a)}. Among the test sets for RED(ii)'^(l) are {a} and

Nevertheless T = is not a test set for RED(i?)'^ since 

/(□,□) ^ Red(R)'^ but /(□,□) o T = {/(/i(n), /i(n))} C Red(R). 

Hence an analogue to Lemmas does not hold. The question now is how to 
decide the relation ^cm in order to apply Theorem^ For this purpose we will 
consider several syntactic congruences for M over S' = 27U {□} as intermediate 
steps. Since the variable symbol □ now is already a constant in the signature S' 
we need another constant, ■ say, that will play the same role for S' as □ in the 
‘ground case’ for S. Denote hy Cs{n) and Ci;[n] the set of terms in Tiufn.B} with 
at most n and exactly n occurrences of ■ respectively, and define the operation 
• ■.Cs{l)xCs^Cshym»t = t and /(si , . . . , s„) • t = /(si • t, . . . , s„ • t); thus 
RED(ii) = RoCs, e.g. Then left and right congruence relations on 

Cs and on Cs{^) are given by 

t t' iff Vs G Cs{R} : s • t G M ^ s • t' G M, 

s s' iff ytGCs- s»tGM^s'»tGM. 

We conclude by sketching an algorithm for (minimal) non-ground test sets. Like 
in the ground case (Sect.^J we first compute sets of representatives for 
and «gM respectively. Now we can determine the relation ^cm on VCs ~ 
which coincides with ^cm (LemmaH “ where -^cm ^cm are defined in 
analogy to ^cl -^cl- In the ground case the algorithm would stop here. 
In the non-ground case, we are still looking for the congruence ^cm- Since 
the left congruence ^cm is refined by ^cm, we can use ^cm to compute 
the corresponding right congruence '-'cm (defined in the obvious way), which 
in turn finally yields ^cm- Now, according to Theorem B test sets for the 
universal closure of M are those subsets of a set of representatives for that 
are congruent modulo ^cm to T^- 

Example 10 (Exp.^fl) cont’d) In order to determine a correct test set, we 
first compute sets of representatives for on Cs and for ^gM on Cs{^) 

using any standard algorithm; the result is shown in the left table below. The 
right table represents the congruences ^cm on VCs and '-'cm on Cs- We get 

Re ^cm Red(i?) U {a} ^cm {/(a, a), a} ^cm {a} ^cm {/(□, □)}, 

and {a} and {/(□,□)} are the (only) minimal test sets. It becomes obvious now 
that {□} is incorrect as this set introduces a minus-entry in the last row where 
Ts has a plus-entry. (Note that Red(R) is a left class in the first table whereas 
Red(i?) and are representatives for left classes in the second.) 
Theorem 8 Optimal test sets for the universal and the existential closure of
regular tree languages effectively exist. It is decidable whether a given finite (or
regular) subset of $C_\Sigma$ is a test set for the universal or existential closure of a
given regular subset of $C_\Sigma$. Minimality of a given test set is decidable.
1 Introduction

The wish to consider rewriting systems with bound variables emerges naturally.
The various equations with bound variables that are present in both logic and
mathematics give rise to rewrite rules as soon as they are oriented. The β-axiom
of lambda-calculus is oriented as $(\lambda x.M)N \to M[x := N]$. The so-obtained
rewriting system was used to provide consistency proofs. Another well-known
equation with bound variables is the axiom for μ-recursion. Its usual orientation
gives rise to the rewrite rule $\mu x.M \to M[x := \mu x.M]$. Equivalences in logic
may contain bound variables, like in $\neg\exists x.P(x) \leftrightarrow \forall x.\neg P(x)$.
Also these equivalences can be turned into rewrite rules. Moreover, rules for
proof normalisation may contain bound variables. Many equations occurring in
mathematics contain bound variables, for instance if derivatives or integrals are
present, like in $\int f(x) + g(x)\,dx = \int f(x)\,dx + \int g(x)\,dx$. Some aspects
of the theory of a set of equations can be studied by considering the equations as
rewrite rules, as is also done for first-order equations without bound variables.
Further, functional programming languages may contain specifications of functions
that take functions as arguments, like for instance the function map that takes as
argument a function and a list, and that applies the function to every element of
the list.

This explains the need for a unifying theory of higher-order rewriting, where 
the rewrite rules may contain bound variables. 

The present paper aims at providing readers familiar with first-order term
rewriting some intuitions of higher-order rewriting. The important feature of
higher-order rewriting is that besides all first-order rewrite rules also rules with
bound variables, like the ones for β and μ, can be expressed. I focus on two
subjects in the theory of rewriting, namely confluence and termination, and
discuss how some results concerning these subjects can be generalised from the
first-order to the higher-order case. It is certainly not the intention to present this
generalisation in a completely formal way; I just try to explain what difficulties
arise due to the presence of bound variables, and how they can be overcome.

P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 220-^^^ 1999. 

@ Springer-Verlag Berlin Heidelberg 1999 
Very generally speaking, the additional combinatorial complexity of higher-order
rewriting compared to first-order rewriting is caused by the possibility of
nesting. For instance in the higher-order term rewriting system
$\{f(x.z(x)) \to z(z(x)),\ g(z) \to h(z)\}$ we have a rewrite step
$f(x.g(x)) \to g(g(x))$ in which the redex $g(x)$ is duplicated and the two
residuals are nested. One of the consequences of this phenomenon is that
invariants used in proofs should be closed under substitution. This theme plays
a role throughout the paper.

A systematic study of rewriting systems with bound variables starts with the
work by Klop, who introduces in the class of combinatory reduction systems.
Another impulse for the study of rewriting with bound variables originates in the
work by Nipkow, who defines in the class of higher-order rewrite systems.
Combinatory reduction systems form a generalisation of the class of contraction
schemes defined in and can more generally be seen as standing in a tradition
where extensions of lambda-calculus are studied. Examples of such extensions
are lambda-calculus extended with infinitely many δ-rules that test for equality
of closed normal forms, defined by Church (see Q), lambda-calculus with rules
for surjective pairing, and the class of λ(a)-reductions which consists of
lambda-calculus with constants and rewrite rules for these constants Q. Higher-order
rewrite systems were introduced with the aim to study the meta-theory of
systems like Isabelle and λ-Prolog.

The presentation of higher-order rewriting systems in this paper is mainly 
based on which builds on However, I would like to stress that 

the actual format of higher-order rewriting is not of the utmost importance 
here, since the paper is informal in nature. Moreover, the essence of concepts 
and proofs does not depend on the details of the chosen format. 

For various purposes other classes of rewriting systems with bound variables
are introduced in the literature. To mention two of them: expression reduction
systems ^3 are similar to combinatory reduction systems, but have been
introduced independently, and interaction systems | form a subclass of
combinatory reduction systems that is introduced for the study of optimality. It is
not hard to adapt the presentation of these two classes of systems, and of the
one of combinatory reduction systems and higher-order rewrite systems, to the
presentation of higher-order rewriting as chosen for this paper.

Although the theory of higher-order rewriting is not as widely developed as 
the one of lambda-calculus or first-order rewriting, it is nevertheless by no means 
possible to give a complete overview in the present paper. Readers interested in 
the theory of equational reasoning and narrowing for higher-order rewriting are 
referred to and the literature mentioned there. Further, results concerning 



confluence and termination can be found in detail in 
2 Higher-Order Rewriting

We assume a set of base types. A simple type, usually shortly called a type, is
either a base type or an expression of the form $A \to B$, with $A$ and $B$ types. For
every type $A$ a set consisting of infinitely many variables of type $A$ is assumed.
Variables are written as $x, y, z, \ldots$, if necessary decorated with their types.

A signature is a set of function symbols with a unique type. Function symbols
are written as $f, g, h, a, b, \ldots$; sometimes a more suggestive notation is used.

A preterm of type A is a simply typed lambda-term of type A, inductively 
defined as follows, where s : A denotes that s is a preterm of type A: 

1. variables of type $A$ and function symbols of type $A$ are preterms of type $A$,

2. if $x$ is a variable of type $A$, and $s : B$, then $x.s : A \to B$,

3. if $s : A \to B$ and $t : A$, then $st : B$.

Preterms are denoted by $s, t, r, \ldots$. Note that abstraction is written as $x.s$ instead
of $\lambda x.s$. In the preterm $x.s$, occurrences of the variable $x$ in $s$ are bound. A
variable occurrence that is not bound is said to be free. A preterm without
bound variables is closed. Preterms are considered up to the equivalence relation
generated by the renaming of bound variables, or α-conversion.

In the remainder of this paper, all preterms are supposed to be in long-η-normal
form (also written as η-normal form). That means that every subterm
has the maximal number of arguments according to its type. Note that every
type can be written as $A_1 \to \ldots \to A_n \to B$ with $B$ a base type. In an η-normal
form, a function symbol of type $A_1 \to \ldots \to A_n \to B$ occurs always in a subterm
of the form $f s_1 \ldots s_n$ with $s_1 : A_1, \ldots, s_n : A_n$, and similarly for variables. This
permits to adopt the functional notation $f(s_1, \ldots, s_n)$ instead of the applicative
notation $f s_1 \ldots s_n$, and similarly for variables; this is often done in the sequel.
A sequence of expressions e is usually abbreviated as e.

We work modulo the equivalence generated by the β-reduction rule, which
is given as $(x.s)t \to_\beta s[x := t]$, with $s$ and $t$ arbitrary preterms. Here $s[x := t]$
denotes the result of substituting $t$ for every free occurrence of $x$ in $s$, renaming
variables if necessary in order to avoid unintended capture of variables.

We make use of the facts that β-reduction is confluent and terminating on
simply typed lambda-calculus, and that the set of η-normal forms is closed under
β-reduction. Every β-equivalence class of preterms contains a unique β-normal
form, which is used as a representative. Such a representative is called a term.
Terms are the objects that are rewritten in a higher-order rewriting system.

For the definition of a rewrite rule we first need to introduce the notion of a
rule-pattern, which is a slight adaptation of the notion of pattern introduced in
Q. A rule-pattern is a term of the form $x.f(s)$ such that, first, every $x_i \in x$
occurs free in $f(s)$, and second, every $x_i \in x$ occurs only in subterms of the form
$x_i(y_1, \ldots, y_m)$ with $y_1, \ldots, y_m$ the η-normal forms of different bound variables
not among $x$. The terms $z.f(z)$ with $z$ of some base type, and $z.f(x.z(x))$ with
$z$ of type $A \to B$ with $B$ a base type, are examples of rule-patterns. The term
$z.f(z(x))$ is not a rule-pattern because $x$ is not bound, the term $z.f(x.z(x, x))$ is
not a rule-pattern because the arguments of $z$ are not different bound variables,
and the term $z.z$ is not a rule-pattern because there is no occurrence of a function
symbol after the outermost abstractions.

A rewrite rule of a higher-order rewriting system is defined as a pair of closed
terms of the form $z.l \to z.r$, with $z.l$ a rule-pattern. In this paper, a higher-order
rewriting system is usually described by giving the set of its rewrite rules.

The next thing to define is the rewrite relation of a higher-order rewriting
system. To that end we need to introduce the notion of context. We use the
symbol $\Box_A$, or simply □, to denote a variable of type $A$ that is supposed to be
free. A context of type $A$ is a term with one occurrence of $\Box_A$. The preterm
obtained by replacing $\Box_A$ by a term $s$ of type $A$ is denoted by $C[s]$.

Now the rewrite relation of a higher-order rewriting system, denoted by $\to$,
is the relation on terms that is defined as follows: we have $s \to t$ if there is a
context $C$ of type $A$, and a rewrite rule $l \to r$ with $l$ and $r$ of type $A$, such that
$s$ is the β-normal form of $C[l]$ and $t$ is the β-normal form of $C[r]$. That is, such
a rewrite step can be decomposed as

$$s \;\twoheadleftarrow_\beta\; C[l] \to C[r] \;\twoheadrightarrow_\beta\; t$$

where $\twoheadrightarrow_\beta$ denotes β-reduction to β-normal form. The requirement that the
left-hand side of a rewrite rule must be a pattern makes the rewrite relation decidable

D- 

In first-order term rewriting, a rewrite step is usually defined as
$C[l\sigma] \to C[r\sigma]$, with $l \to r$ a rewrite rule, $C$ a context, and $\sigma$ an
assignment. In higher-order rewriting, simply typed lambda-calculus with
β-reduction is used to assign values to free variables in rewrite rules. Therefore
lambda-calculus is called the substitution calculus of higher-order rewriting as
defined here. It is possible to consider other calculi as substitution calculus. As
a matter of fact, the substitution calculus of combinatory reduction systems and
of expression reduction systems is not simply typed lambda-calculus with
reduction to β-normal form, but untyped lambda-calculus with complete developments.

The rewrite rule /(z) ^ g{z), in the usual format of first-order term rewrit- 
ing, induces for instance a rewrite step /(a) ^ g{o,)- This rewrite rule is now 
written as z.f{z) z.g{z), and the rewrite step /(a) ^ f{b) is obtained as 
follows: /(a) {z.f{z)) a (z./(z)) b f{b). 

The signature of lambda-calculus consists of the two function symbols
$\mathsf{app} : \mathsf{term} \to \mathsf{term} \to \mathsf{term}$ and
$\mathsf{abs} : (\mathsf{term} \to \mathsf{term}) \to \mathsf{term}$. Here term is the only
base type; intuitively speaking it stands for the set of lambda-terms. The rewrite
rules are given as follows:

$$z.z'.\ \mathsf{app}(\mathsf{abs}(x.z(x)), z') \to_{\mathit{beta}} z.z'.\ z(z')$$

$$z.\ \mathsf{abs}(x.\mathsf{app}(z, x)) \to_{\mathit{eta}} z.\ z$$

The rewrite step $\mathsf{app}(\mathsf{abs}(x.x), y) \to_{\mathit{beta}} y$ is obtained as follows:

$$\mathsf{app}(\mathsf{abs}(x.x), y) \;\twoheadleftarrow_\beta\; (z.z'.\mathsf{app}(\mathsf{abs}(x.z(x)), z'))(x.x)y \;\to_{\mathit{beta}}\; (z.z'.z(z'))(x.x)y \;\twoheadrightarrow_\beta\; y.$$

Usually we adopt the convention that the outermost abstractions of rewrite rules
are not written, that is, we write $l \to r$ instead of $z.l \to z.r$.
3 Confluence

A rewriting system is confluent if every two divergent rewrite sequences can be
joined; that is, whenever $t' \twoheadleftarrow s \twoheadrightarrow t$ there exists a term $r$ with
$t' \twoheadrightarrow r \twoheadleftarrow t$.
Confluence is an important property because it guarantees that normal forms
are unique. Moreover it provides a method to prove consistency. In this section
we discuss some results concerning confluence of higher-order term rewriting.

3.1 Orthogonality 

A first general confluence result for first-order term rewriting systems is the one 
stating that orthogonal term rewriting systems are confluent. Orthogonality
of a rewriting system roughly speaking expresses that rewrite steps are inde- 
pendent. In the setting of first-order term rewriting, it is usually formalised by 
two requirements imposed on the rewrite rules. These requirements arise from 
an analysis of the different ways in which contraction of a redex can destroy 
another redex that is present in the same term. 

First, a redex $u$ can be destroyed by contraction of a redex $u'$ if two subterms
in $u$ must be identical and contraction of $u'$ changes one of them. For example
in the step $f(a, a) \to f(b, a)$ in the term rewriting system $\{a \to b,\ f(x, x) \to b\}$,
the redex $f(a, a)$ is destroyed by contraction of the leftmost redex $a$. This kind
of interference may cause a rewriting system to be non-confluent: in the term
rewriting system $\{f(x, x) \to a,\ f(x, g(x)) \to b,\ c \to g(c)\}$ given in ^ 3 , we have
both $f(c, c) \to a$ and $f(c, c) \twoheadrightarrow b$. Another example, given in is the term
rewriting system $\{d(x, x) \to e,\ c(x) \to d(x, c(x)),\ a \to c(a)\}$. We have $c(a) \twoheadrightarrow e$
and $c(a) \twoheadrightarrow c(e)$. The source of non-confluence as illustrated here is ruled out by
requiring the term rewriting system to be left-linear, which means that variables
are not allowed to occur more than once in the left-hand side of a rewrite rule.

Second, a redex $u$ can be destroyed by contraction of a redex $u'$ if that
contraction changes one or more symbols in the pattern of $u$. Consider for instance
the term rewriting system $\{a \to b,\ f(a) \to c\}$. In the step $f(a) \to f(b)$, the redex
$f(a)$ is destroyed by the contraction of the redex $a$. The redexes $a$ and $f(a)$
are said to be overlapping in the term $f(a)$. Clearly, the presence of overlapping
redexes can cause a rewriting system to be non-confluent. Ruling out this
source of non-confluence can be done by requiring that in all terms all redexes
are non-overlapping. This requirement is guaranteed by a condition concerning
the rewrite rules only; the formulation of this condition uses some additional
terminology that we discuss now.

A critical pair arises from a most general way in which two redexes can be
overlapping. Consider for example the term rewriting system
$\{a \to b,\ f(a, x) \to g(x)\}$. The term $f(a, x)$ can be rewritten to $f(b, x)$ by an
application of the first rewrite rule, and to $g(x)$ by an application of the second
rewrite rule. The pair of terms $(f(b, x), g(x))$ is said to be a critical pair. The
requirement of maximal generality concerns the surroundings of the two redexes
that give rise to the critical pair. The intuition is that the surroundings should be
taken to be minimal. For instance, the symbol $g$ is not essential for the overlap
between the redexes $a$ and $f(a, x)$ in the term $g(f(a, x))$; hence
$(g(f(b, x)), g(g(x)))$ is not a critical pair. The symbol $b$ is not essential for the
overlap between the redexes $a$ and $f(a, b)$ in the term $f(a, b)$; hence
$(f(b, b), g(b))$ is not a critical pair either.

The absence of critical pairs in a term rewriting system guarantees that in 
all terms all redexes are non-overlapping. 

A first-order term rewriting system is defined to be orthogonal if all its rules 
are left-linear and it has no critical pairs. At some places in the literature the 
definition of orthogonality requires instead of the absence of critical pairs that 
in all terms all redexes are non-overlapping; the two formulations are equivalent. 

Now the question arises whether the intuition of orthogonality, namely that
rewrite steps are independent, is also for higher-order systems properly captured
by requiring that rewrite rules are left-linear and that there are no critical pairs.
As it turns out, the presence of bound variables does not yield another way
in which contraction of a redex can destroy another redex. Note, however, that
there is another way in which contraction of a redex can create another redex: by
erasure of a bound variable a redex can be created for a rule with a so-called
non-occur check. This happens for instance in the rewrite step $f(x.g(x)) \to f(x.a)$
in the rewriting system $\{f(x.z) \to a,\ g(x) \to a\}$. This phenomenon plays a role
in the study of termination rather than in that of confluence.

So the definition of orthogonality for higher-order term rewriting systems 
is in essence the same as for first-order term rewriting systems. However, in 
particular the definition of critical pair is technically more complicated. Also 
unification of higher-order patterns is technically more complicated than that of 
first-order terms; it is still decidable and moreover has linear complexity.
Here we do not give a completely formal definition of critical pair, which can be 
found for instance in 

Definition 1. 

1. A rewrite rule $x.l \to x.r$ of a higher-order rewriting system is left-linear if
every variable $x \in x$ occurs exactly once in $l$.

2. Let $C[ls] = gt$ indicate a most general overlap between two redexes, with
$l \to r$ and $g \to d$ rewrite rules. Then $(C[rs], dt)$ is a critical pair.

Note that a critical pair is ordered. If the context $C$ in the definition is the empty
one, then the rewrite rules $l \to r$ and $g \to d$ must be different. The critical pair
of lambda-calculus with βη-reduction is $(\mathsf{app}(z, z'), \mathsf{app}(z, z'))$; it arises from the
most general overlap in $\mathsf{app}(\mathsf{abs}(x.\mathsf{app}(z, x)), z')$. The definition of orthogonality
is now the same as the one for first-order term rewriting.

Definition 2. A higher-order rewriting system is orthogonal if it has no critical 
pairs and all its rewrite rules are left-linear. 

There are two important methods to prove that orthogonal rewriting systems are 
confluent. The remainder of this subsection is devoted to a discussion of these 
two methods. The first one, that of simultaneous reduction, makes essential use 
of the structure of the expressions that are rewritten. The second one, that uses 
complete developments, is more abstract in nature. Both apply to higher-order 
rewriting systems, so we have the following result. 
Theorem 1. Orthogonal higher-order rewriting systems are confluent.

Simultaneous Reduction. First we discuss a method to prove confluence that
makes use of simultaneous reduction. It is introduced by Tait and Martin-Löf
in their proof of confluence of lambda-calculus with β-reduction, see Q. The
outline of this method is as follows: we inductively define a relation satisfying 
the following two properties: 

1. It has the diamond property, that is, t' r t whenever t' s t. 

2. Its reflexive-transitive closure equals the rewrite relation ($\twoheadrightarrow$).

It is not difficult to see that this indeed yields confluence of rewriting. 

For first-order term rewriting systems, one can take for parallel rewriting.
This is the relation that contracts a set of redexes that are in parallel in
one step. For instance, in the rewriting system $\{a \to a',\ f(x) \to f'(x)\}$, where
there is moreover a binary function symbol $g$, we have $g(a, a) ⇻ g(a', a')$. The
two redexes in the term $f(f(x))$ are not parallel but nested, and hence we do
not have $f(f(x)) ⇻ f'(f'(x))$. Note however that $f(f(x)) ⇻ f'(f(x))$ and
$f(f(x)) ⇻ f(f'(x))$ both hold. The relation $⇻$ is defined inductively. The rule

$$l\sigma ⇻ r\sigma$$

with $l \to r$ a rewrite rule and $\sigma$ an assignment, expresses that redexes can be
contracted, and the rule

$$\frac{s_1 ⇻ s'_1 \quad \ldots \quad s_n ⇻ s'_n}{f(s_1, \ldots, s_n) ⇻ f(s'_1, \ldots, s'_n)}$$

permits to do so in parallel. Finally, there is the rule $x ⇻ x$, with $x$ a variable.
The relation $⇻$ is reflexive and compatible with the term structure. It can
be shown that the reflexive-transitive closure of the parallel rewriting relation
equals $\twoheadrightarrow$ and moreover that $⇻$ satisfies the diamond property.

It is possible to adapt the definition of $⇻$ to the case of higher-order rewriting,
and to show that its reflexive-transitive closure equals the rewrite relation.
However, due to the possibility of nesting, $⇻$ doesn't have the diamond
property. Consider for instance the higher-order rewriting system
$\{f(x.z(x)) \to z(z(a)),\ g(z) \to h(z)\}$. We have $f(x.g(x)) ⇻ g(g(a))$ and
$f(x.g(x)) \to f(x.h(x))$ but not $g(g(a)) ⇻ h(h(a))$ (note however that we do
have $f(x.h(x)) ⇻ h(h(a))$).

In lambda-calculus there is also the possibility of nesting of redexes. Indeed,
the definition of $⇻$ adapted to lambda-calculus does not satisfy the
diamond property either: we have $(\lambda x.(\lambda y.x)I)(II) ⇻ (\lambda y.II)I$ and on the
other hand $(\lambda x.(\lambda y.x)I)(II) ⇻ (\lambda x.x)I$ but there is no lambda-term $M$ such
that $(\lambda y.II)I ⇻ M$ and $(\lambda x.x)I ⇻ M$.

The relation used by Tait and Martin-Löf in their proof of confluence is
essentially different from parallel rewriting in that it permits to contract any set
of redexes in a term in one step. The important clause in the definition of this
relation, which we denote here by $⇴$, is as follows:

$$\frac{M ⇴ M' \qquad N ⇴ N'}{(\lambda x.M)N ⇴ M'[x := N']}$$

This suggests that for higher-order rewriting we should define instead of $⇻$ a
relation, which we denote by $⇴$ as the one for lambda-calculus, with

$$\frac{s_1 ⇴ s'_1 \quad \ldots \quad s_n ⇴ s'_n}{l s_1 \ldots s_n \downarrow_\beta \;⇴\; r s'_1 \ldots s'_n \downarrow_\beta}$$

where $\downarrow_\beta$ denotes β-reduction to normal form. Further, $⇴$ must be compatible
with the term structure. Note that, reconsidering the example given above, we
have $g(g(a)) ⇴ h(h(a))$. We call the relation $⇴$ here simultaneous reduction;
it is also sometimes called parallel reduction.

The relation $⇴$ can be defined for left-linear higher-order rewriting systems.
For orthogonal higher-order rewriting systems, it can be shown that the
reflexive-transitive closure of $⇴$ equals $\twoheadrightarrow$ and further that $⇴$ satisfies the
diamond property. As a consequence, we have the result that orthogonal higher-order
rewriting systems are confluent.

Finite Developments. The second method to prove confluence we discuss is the 
one using developments. It is more abstract in nature than the one using si- 
multaneous reduction, and can therefore more easily be adapted to situations 
where the rewriting system is not quite orthogonal or where the structures that 
are rewritten are not quite terms. Developments are used to show confluence of 
lambda-calculus in ^ and to show confluence of combinatory reduction systems 
in Q. We follow here basically the account presented in 

The idea is to define a relation ^ with ^ C ^ C -» that satisfies moreover 
the following diagram: 






Confluence follows then by an easy induction, since the diagram above and the 
fact that — *■ C ^ permit to construct the projection of a rewrite sequence d over 
a rewrite step, yielding a rewrite sequence e as follows: 



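[Diagram: the rewrite sequence $d : s_0 \to s_1 \to s_2 \to s_3 \to \cdots$ projected over the step from $s_0$ to $t_0$, yielding a sequence through $t_0, t_1, t_2, t_3, \ldots$]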



The second method to prove confluence now proceeds as follows. We define a
development of a set of redexes $U$ as a special kind of rewrite sequence, namely one
in which only residuals of redexes in $U$ are contracted. A development of $U$ is said
to be complete if it cannot be extended, that is, there are no residuals of redexes
in $U$ anymore. In general there can be different ways to perform a complete
development, for instance $f(a, a) \to f(b, a) \to f(b, b)$ and $f(a, a) \to f(a, b) \to f(b, b)$
are both complete developments of the set consisting of the two redexes $a$ in
the term $f(a, a)$. Further, it is a priori not clear whether performing a complete
development terminates at some point. The crucial step in the confluence proof
is the following result, which is called the Finite Developments Theorem.

Theorem 2. All complete developments of a set of redexes U are finite, end in 
the same term, and induce the same descendant relation. 

Hence all ways of sequentialising the contraction of a set of redexes are finite, 
and essentially the same. As a consequence, the complete developments relation 
satisfies the diamond property, so we can take it for 

We denote the complete developments relation just as simultaneous reduction
by $⇴$. This is justified since there is the following relation between simultaneous
reduction and complete developments: a proof of $s ⇴ t$ using the rules for
simultaneous reduction corresponds to a complete development in which the
redexes are contracted from the inside to the outside.

The proof of the Finite Developments Theorem is essentially more complex
for lambda-calculus and higher-order rewriting than for first-order term rewriting
systems, due to the possibility of nesting. Consider for instance the higher-order
rewriting system $\{f(x.z(x)) \to z(z(a)),\ g(z) \to h(z, z)\}$. In the complete
development $f(x.g(x)) \to g(g(a)) \to h(g(a), g(a)) \to h(h(a, a), g(a)) \to h(h(a, a), h(a, a))$,
two residuals of the redex $g(x)$ in the initial term first get
nested and then the innermost one is duplicated by the outermost one.

The Finite Developments Theorem is not only useful to derive confluence, 
but in any situation where a rewrite sequence is projected over a rewrite step. 



3.2 Weak Orthogonality 

The methods to prove confluence of orthogonal higher-order rewriting systems 
both can be adapted to the case where critical pairs are allowed, but only if they 
are of the form (s, s). Such a critical pair is said to be trivial. The notion of 
trivial critical pair is used to define the class of weakly orthogonal higher-order 
rewriting systems; the definition is analogous to the one for the first-order case. 

Definition 3. A higher-order rewriting system is weakly orthogonal if it is left- 
linear and all its critical pairs are trivial. 

Examples of weakly orthogonal rewriting systems that are not orthogonal are
$\{a \to b,\ f(a) \to f(b)\}$ and $\{f(x) \to f(b),\ f(a) \to f(b)\}$. Moreover,
lambda-calculus with both β- and η-reduction is a weakly orthogonal rewriting system.

Orthogonality is defined in terms of the left-hand sides of the rewrite rules 
only, whereas weak orthogonality concerns the right-hand sides of rewrite rules. 
This explains why extensions from the orthogonal to the weakly orthogonal case 
may cause considerable complications, also for first-order rewriting. 
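
The first-order notions of Sections 3.1 and 3.2 (left-linearity, critical pairs, orthogonality, weak orthogonality) can be checked mechanically. The following Python program is an added example, not part of the original paper; the term encoding and all function names are assumptions made here, and it covers first-order systems only, applied to the example systems given above.

```python
# Added example: first-order critical pairs and the (weak) orthogonality test.
# A variable is a str; the term f(t1, ..., tn) is the tuple ("f", t1, ..., tn).

def is_var(t):
    return isinstance(t, str)

def variables(t):
    """Variable occurrences of t from left to right, repetitions included."""
    return [t] if is_var(t) else [v for arg in t[1:] for v in variables(arg)]

def substitute(t, sigma):
    """Apply sigma to t, resolving chains of bindings."""
    if is_var(t):
        return substitute(sigma[t], sigma) if t in sigma else t
    return (t[0],) + tuple(substitute(arg, sigma) for arg in t[1:])

def unify(s, t):
    """Most general unifier of s and t as a dict, or None if none exists."""
    sigma, stack = {}, [(s, t)]
    while stack:
        s, t = stack.pop()
        s, t = substitute(s, sigma), substitute(t, sigma)
        if s == t:
            continue
        if is_var(t) and not is_var(s):
            s, t = t, s
        if is_var(s):
            if s in variables(t):          # occurs check
                return None
            sigma[s] = t
        elif s[0] != t[0] or len(s) != len(t):
            return None                    # clash of function symbols
        else:
            stack.extend(zip(s[1:], t[1:]))
    return sigma

def positions(t, prefix=()):
    """Positions of the non-variable subterms of t (argument i is index i)."""
    if is_var(t):
        return []
    return [prefix] + [p for i, arg in enumerate(t[1:], start=1)
                       for p in positions(arg, prefix + (i,))]

def subterm(t, pos):
    for i in pos:
        t = t[i]
    return t

def replace(t, pos, u):
    if not pos:
        return u
    i = pos[0]
    return t[:i] + (replace(t[i], pos[1:], u),) + t[i + 1:]

def rename(t):
    """Prime every variable so that two rules share no variables."""
    return t + "'" if is_var(t) else (t[0],) + tuple(rename(x) for x in t[1:])

def critical_pairs(rules):
    """Ordered pairs (inner rule contracted, outer rule contracted)."""
    pairs = []
    for i, (outer_l, outer_r) in enumerate(rules):
        for j, (l, r) in enumerate(rules):
            l, r = rename(l), rename(r)
            for pos in positions(outer_l):
                if pos == () and i == j:
                    continue   # a rule overlapping itself at the root is no overlap
                sigma = unify(subterm(outer_l, pos), l)
                if sigma is not None:
                    pairs.append((substitute(replace(outer_l, pos, r), sigma),
                                  substitute(outer_r, sigma)))
    return pairs

def left_linear(rules):
    return all(len(variables(l)) == len(set(variables(l))) for l, _ in rules)

def classify(rules):
    if not left_linear(rules):
        return "not left-linear"
    pairs = critical_pairs(rules)
    if not pairs:
        return "orthogonal"
    if all(s == t for s, t in pairs):      # trivial pairs have the form (s, s)
        return "weakly orthogonal"
    return "left-linear, non-trivial critical pairs"

# The example systems of Sections 3.1 and 3.2, in the encoding assumed above.
a, b, c = ("a",), ("b",), ("c",)
def f(*ts): return ("f",) + ts
def g(*ts): return ("g",) + ts

OVERLAP = [(a, b), (f(a, "x"), g("x"))]
WEAK_1 = [(a, b), (f(a), f(b))]
WEAK_2 = [(f("x"), f(b)), (f(a), f(b))]
NON_LINEAR = [(f("x", "x"), a), (f("x", g("x")), b), (c, g(c))]

if __name__ == "__main__":
    for name, rules in [("OVERLAP", OVERLAP), ("WEAK_1", WEAK_1),
                        ("WEAK_2", WEAK_2), ("NON_LINEAR", NON_LINEAR)]:
        print(name, classify(rules), critical_pairs(rules))
```

The last system has no critical pairs at all (the occurs check rejects the only candidate overlap), yet it is not left-linear, which is why the absence of critical pairs alone does not give confluence.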
Simultaneous Reduction. The method using simultaneous reduction can be
extended to the weakly orthogonal case as follows. The idea is to proceed by
induction on a measure that roughly speaking counts the overlap between two
co-initial steps $s ⇴ t$ and $s ⇴ t'$. In case there is no overlap, we proceed as
in the orthogonal case. In case there is overlap, we take minimal overlapping
redexes $u$ and $u'$ such that $u$ is contracted in $s ⇴ t$ and $u'$ is contracted in
$s ⇴ t'$. Since all critical pairs are trivial, we have that contracting $u$ yields the
same term as contracting $u'$, say $s'$. The proof proceeds now by showing that
$s' ⇴ t$ and $s' ⇴ t'$, and that the measure of this divergence is smaller than that
of the original one. It follows then by induction that $⇴$ satisfies the diamond
property. The proof is illustrated by the following diagram.




Finite Developments. The proof using developments is adapted to the case of
weakly orthogonal systems as follows ^3. First, complete developments are
defined for sets of redexes that are pairwise non-overlapping. It turns out that this
is sufficient to ensure that complete developments can be defined properly; a
global condition on the whole set of redexes under consideration is not
necessary. The aim is to show that whenever $s \to t$, by contracting a redex $u$, and
$s ⇴ t'$, by contracting a set of redexes $V$, we have that there exists a term $r$ such
that $t ⇴ r$ and $t' ⇴ r$:






There are two possibilities. Either the redex $u$ doesn't overlap with any redex in
the set $V$. In that case both $t$ and $t'$ rewrite by a complete development to the
term obtained by performing a complete development of $\{u\} \cup V$, starting in $s$. In
the other case, there is a redex $v$ in the set $V$ such that $u$ and $v$ are overlapping,
and hence give rise to a critical pair. Since all critical pairs are trivial, we have
that $s$ also rewrites to $t$ by contracting the redex $v$ instead of $u$. Now we have
that $t$ rewrites to $t'$ by performing a complete development of all residuals of $V$
in $t$.
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3.3 Critical Pairs 

In the previous subsection we have seen that for left-linear systems, confluence 
holds if all critical pairs are trivial. Further, we have seen examples showing that 
a term rewriting system that is not left-linear need not be confluent, even in the 
absence of critical pairs. A natural next step is to investigate to what extent 
the condition on critical pairs can be relaxed while maintaining confluence, or a 
weaker version of it. 

Huet (see also ) shows that a first-order term rewriting system is 
locally confluent (that is, $t \twoheadrightarrow r \twoheadleftarrow t'$ whenever $t \leftarrow s \to t'$) if all its critical 
pairs are confluent. A critical pair $(s, s')$ is said to be confluent if $s$ and $s'$ have a 
common reduct. Using Newman’s Lemma, confluence of a terminating first-order 
term rewriting system follows from confluence of its critical pairs. 

The idea of the proof as given in is globally as follows. Consider two 
co-initial rewrite steps $s \to t$, obtained by contraction of a redex $u$, and $s \to t'$, 
obtained by contraction of a redex $u'$. If $u$ and $u'$ do not overlap, an analysis of 
their relative positions yields that a common reduct of $t$ and $t'$ can be found. 
Now suppose that $u$ and $u'$ are overlapping redexes and let $u'$ be above $u$. The 
key auxiliary result states that in that case there must be a critical pair $(r, r')$ 
such that $t = C[r\sigma]$ and $t' = C[r'\sigma]$. Since critical pairs are confluent, $r$ and $r'$ 
have a common reduct. As a consequence, $t$ and $t'$ have a common reduct. 

The result of is generalised to higher-order term rewriting systems by 
Nipkow. The proof proceeds basically as in the first-order case, but it is 
technically significantly more difficult to show the key auxiliary result. 

Theorem 3. A higher-order rewriting system is locally confluent if all its 
critical pairs are confluent. 

Consider for example the rewrite rules for surjective pairing: 
$\{\pi_1(\pi(z, z')) \to z,\ \pi_2(\pi(z, z')) \to z',\ \pi(\pi_1(z), \pi_2(z)) \to z\}$. There are two 
critical pairs, namely $(\pi(z, \pi_2(\pi(z, z'))), \pi(z, z'))$ and 
$(\pi(\pi_1(\pi(z, z')), z'), \pi(z, z'))$. Both are confluent. As a consequence, the 
rewriting system is locally confluent. Note that also local confluence of 
lambda-calculus with $\beta$-reduction extended with the rules for surjective 
pairing is obtained as an application of the theorem above. 



3.4 Development Closed 

For left-linear rewriting systems that are not terminating, confluence of the 
critical pairs does not guarantee confluence of the rewriting system. This is for 
instance illustrated by the rewriting system $\{a \to b,\ a \to c,\ b \to a,\ b \to d\}$. 
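
The critical-pair test of Section 3.3 and the counterexample above can be checked mechanically for first-order systems. The following Python code is an added example, not code from the paper: the term encoding (tuples for function applications, strings for variables, p, p1, p2 for the pairing symbols) and all function names are assumptions of this example. It also finds the two trivial critical pairs of surjective pairing, which `nontrivial_pairs` filters out, and it decides joinability by a bounded search that is sufficient for these two small systems.

```python
def is_var(t):
    return isinstance(t, str)      # variables are strings; f(t1, t2) is ("f", t1, t2)

def subst(t, s):
    """Apply substitution s (dict: variable -> term), following chains of bindings."""
    if is_var(t):
        return subst(s[t], s) if t in s else t
    return (t[0],) + tuple(subst(a, s) for a in t[1:])

def variables(t):
    return {t} if is_var(t) else set().union(*map(variables, t[1:]))

def unify(a, b, s):
    """Return a most general unifier of a and b that extends s, or None."""
    a, b = subst(a, s), subst(b, s)
    if is_var(a) or is_var(b):
        if a == b:
            return s
        v, t = (a, b) if is_var(a) else (b, a)
        return None if v in variables(t) else {**s, v: t}   # occurs check
    if a[0] != b[0] or len(a) != len(b):
        return None
    for x, y in zip(a[1:], b[1:]):
        s = unify(x, y, s)
        if s is None:
            return None
    return s

def positions(t):                  # positions of the non-variable subterms of t
    if not is_var(t):
        yield ()
        for i, a in enumerate(t[1:], 1):
            yield from ((i,) + p for p in positions(a))

def at(t, p):
    return at(t[p[0]], p[1:]) if p else t

def replace(t, p, u):
    if not p:
        return u
    return t[:p[0]] + (replace(t[p[0]], p[1:], u),) + t[p[0] + 1:]

def rename(t, tag):
    return t + tag if is_var(t) else (t[0],) + tuple(rename(a, tag) for a in t[1:])

def critical_pairs(rules):
    """Overlap every rule into every rule at every non-variable position."""
    pairs = []
    for i, (l1, r1) in enumerate(rules):
        l1, r1 = rename(l1, "1"), rename(r1, "1")
        for j, (l2, r2) in enumerate(rules):
            l2, r2 = rename(l2, "2"), rename(r2, "2")
            for p in positions(l2):
                if i == j and p == ():
                    continue               # a rule overlapping itself at the root
                s = unify(l1, at(l2, p), {})
                if s is not None:
                    pairs.append((subst(replace(l2, p, r1), s), subst(r2, s)))
    return pairs

def freeze(t):
    """Turn variables into constants, so that unifying a left-hand side is matching."""
    return ("?" + t,) if is_var(t) else (t[0],) + tuple(freeze(a) for a in t[1:])

def reducts(t, rules):             # all one-step reducts of the variable-free term t
    out = set()
    for p in positions(t):
        for l, r in rules:
            s = unify(l, at(t, p), {})
            if s is not None:
                out.add(replace(t, p, subst(r, s)))
    return out

def reachable(t, rules, limit=1000):
    """Terms reachable from t; the search stops after `limit` terms."""
    seen, todo = {t}, [t]
    while todo and len(seen) < limit:
        for u in reducts(todo.pop(), rules) - seen:
            seen.add(u)
            todo.append(u)
    return seen

def joinable(s, t, rules):
    return bool(reachable(freeze(s), rules) & reachable(freeze(t), rules))

def nontrivial_pairs(rules):
    return [(s, t) for s, t in critical_pairs(rules) if s != t]

def locally_confluent(rules):
    return all(joinable(s, t, rules) for s, t in critical_pairs(rules))

def normal_forms(t, rules):
    return {u for u in reachable(freeze(t), rules) if not reducts(u, rules)}

# Surjective pairing; p, p1, p2 stand for pi, pi_1, pi_2 (constructed encoding).
SP = [(("p1", ("p", "z", "z'")), "z"), (("p2", ("p", "z", "z'")), "z'"),
      (("p", ("p1", "z"), ("p2", "z")), "z")]
# The non-terminating system {a -> b, a -> c, b -> a, b -> d}.
ABCD = [(("a",), ("b",)), (("a",), ("c",)), (("b",), ("a",)), (("b",), ("d",))]
```

Both systems pass `locally_confluent`, but `normal_forms(("a",), ABCD)` contains the two distinct normal forms c and d, so the second system is not confluent.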

Huet formulates a criterion on critical pairs that is stronger than the one 
of being only confluent, and shows that it is a sufficient condition for confluence of 
left-linear first-order term rewriting systems. This criterion is as follows: if $(s, t)$ 
is a critical pair, then we have $s \mathrel{-\!\!\parallel\!\!\to} t$. A critical pair satisfying this criterion is 
said to be parallel closed, and a rewriting system is said to be parallel closed if 
all its critical pairs are so. This result yields for instance confluence of the term 
rewriting system $\{f(g(x), b) \to f(g(x), b'),\ g(a') \to g(a),\ a \to a',\ b \to b'\}$, because 
for the critical pair $(f(g(a), b), f(g(a'), b'))$ we have $f(g(a), b) \mathrel{-\!\!\parallel\!\!\to} f(g(a'), b')$. 

Van Oostrom extends in the result that parallel closed rewriting systems 
are confluent to the higher-order case. The skeleton of the proof is the same as 
that for first-order rewriting, but the difference is that now another invariant is 
needed: instead of parallel reduction ($\mathrel{-\!\!\parallel\!\!\to}$) the relation of complete developments 
($\mathrel{-\!\!\circ\!\!\to}$) is used. Correspondingly, the requirement that all critical pairs are parallel 
closed can be relaxed: instead, for every critical pair $(s, t)$ it is required that 
$s \mathrel{-\!\!\circ\!\!\to} t$, that is, there is a complete development from $s$ to $t$. A critical pair 
satisfying this criterion is said to be development closed, and a rewriting system 
is said to be development closed if all its critical pairs are so. The result of 
states that a left-linear higher-order rewriting system is confluent if all its critical 
pairs are development closed; this is an extension of the result that parallel closed 
rewriting systems are confluent also if only first-order rewriting is considered. 

The skeleton of the proof is as follows. We look for a rewriting relation $\Rightarrow$ 
such that the diamond property of $\Rightarrow$ implies confluence of $\to$. For proving the 
diamond property of $\Rightarrow$, suppose that $s \Rightarrow t$ and $s \Rightarrow t'$. We proceed by induction 
on some measure that roughly speaking counts the overlap between those two 
steps. So first we need to prove the diamond property of $\Rightarrow$ in the case that the 
measure is zero, that is, there is no overlap between the steps $s \Rightarrow t$ and $s \Rightarrow t'$. In 
case the measure is greater than zero, we single out a critical divergence between 
the step $s \to t_0$, obtained by contracting some redex $u$, and the step $s \to t'_0$, 
obtained by contracting some redex $u'$. Suppose that the condition imposed on 
critical pairs relates $t'_0$ to $t_0$. Now the following is shown: 

• We have $t_0 \Rightarrow t$ and $t'_0 \Rightarrow t'$. 

• The step from $t'_0$ to $t_0$ and the step $t_0 \Rightarrow t$ can be joined to form a step $t'_0 \Rightarrow t$. 

• The new divergence $t' \Leftarrow t'_0 \Rightarrow t$ is smaller than the old one $t' \Leftarrow s \Rightarrow t$. 

It then follows that $\Rightarrow$ has the diamond property, which yields confluence of $\to$. 
The proof idea is illustrated in the following diagram. 




For first-order rewriting parallel reduction ($\mathrel{-\!\!\parallel\!\!\to}$) is taken for $\Rightarrow$. For 
higher-order rewriting this doesn’t work since it doesn’t satisfy the diamond property. 
Instead, the complete development relation ($\mathrel{-\!\!\circ\!\!\to}$) is taken for $\Rightarrow$. 

Another question is what should be taken for the relation imposed on critical 
pairs. It is needed that this relation is contained in $\Rightarrow$, and the result is the 
strongest if the two coincide. The latter is indeed done in both cases. 
It is more difficult to show that the $\mathrel{-\!\!\circ\!\!\to}$-step joining the critical pair and the 
remainder of the original $\mathrel{-\!\!\circ\!\!\to}$-step can be combined into a new $\mathrel{-\!\!\circ\!\!\to}$-step than to 
show the analogous statement for the parallel rewriting relation $\mathrel{-\!\!\parallel\!\!\to}$. Also the 
argument that the measure decreases is more complex in the higher-order than 
in the first-order case. 

Theorem 4. A left-linear higher-order rewriting system is confluent if it is 
development closed. 

As an application of this result, we obtain that the higher-order term 
rewriting system $\{f(g(x.z(x))) \to f(z(z(x))),\ g(x.h'(x)) \to h(h(x)),\ h(x) \to h'(x)\}$ is 
confluent, because for the critical pair $(f(h(h(x))), f(h'(h'(x))))$ we have that 
$f(h(h(x))) \mathrel{-\!\!\circ\!\!\to} f(h'(h'(x)))$. 

4 Termination 

A rewriting system is terminating if it does not admit infinite rewrite sequences; 
then all rewrite sequences end in a normal form. For first-order rewriting, a lot 
of techniques and methods to prove termination exist. The theory of termination 
of higher-order rewriting is so far significantly less well-developed. In this section 
we discuss two important methods to prove termination that are extended to the 
higher-order case. The last subsection is concerned with a normalising strategy. 



4.1 Termination Models 

Termination of a rewriting system can be proved by mapping every term to 
an element of a non-empty set $A$ that is equipped with a well-founded partial 
order $>$, in such a way that $[\![s]\!] > [\![t]\!]$ whenever $s \to t$, where the mapping is 
denoted by $[\![\cdot]\!]$. For first-order term rewriting, this means that we need to have 
$[\![C[l\sigma]]\!] > [\![C[r\sigma]]\!]$ for every rewrite rule $l \to r$, context $C$, and assignment $\sigma$. It 
is clearly desirable to eliminate some of the quantifications here. 

This is done in the method using termination models: here a requirement 
concerning the rewrite rules guarantees the inequality $[\![C[l\sigma]]\!] > [\![C[r\sigma]]\!]$ to hold 
for every context $C$ and every assignment $\sigma$. A termination model for a first-order 
term rewriting system is an algebra for the signature of the rewriting system in 
which the terms can be interpreted as usual, with the following properties: 

1. The algebra is equipped with a well-founded partial order $>$. 

2. The functions $f : A^n \to A$ of the algebra are required to be monotonic in 
the following sense: $f(\ldots, a, \ldots) > f(\ldots, a', \ldots)$ whenever $a > a'$. 

3. For every rewrite rule $l \to r$ and assignment $\sigma$ we have $[\![l\sigma]\!] > [\![r\sigma]\!]$. 

In fact, instead of the last requirement a condition on the algebraic side is 
formulated in terms of valuations; that condition implies the last requirement as 
above. The second requirement yields that $[\![C[s]]\!] > [\![C[t]]\!]$ whenever $[\![s]\!] > [\![t]\!]$. 

Huet and Oppen and Zantema prove that a first-order term rewriting 
system is terminating if and only if it has a termination model. This result 
provides a complete but not algorithmic method for proving termination. 

Van De Pol presents in a generalisation of this result to the higher-order 
case. This generalisation makes use of ideas that are also present in the 
work by Gandy and De Vrijer on termination of simply typed $\lambda$-calculus. 
For every type $A$, the set of functionals of type $A$ is defined by induction 
on the definition of simple types: a base type is interpreted as some fixed 
non-empty set, and an arrow type $A \to B$ is interpreted as the function space 
$[\![A]\!] \Rightarrow [\![B]\!]$, where we use the notation $[\![\cdot]\!]$ also for the interpretation of types. 

In order to prove termination of simply typed $\lambda$-calculus, the $\lambda I$-terms 
($\lambda$-terms that cannot erase arguments, for instance $\lambda x.y$ is not a $\lambda I$-term) are 
interpreted as certain functionals, called the hereditarily monotonic ones, which 
come equipped with an ordering. This interpretation cannot be used for proving 
termination of a higher-order rewriting system for the following reason. First, 
contraction of a $\beta$-redex yields a decrease in the ordering, whereas in higher-order 
rewriting we work modulo $\beta$ and hence contraction of a $\beta$-redex shouldn’t change 
the interpretation. Second, for proving termination of higher-order rewriting, the 
ordering should be adapted to make it closed under contexts in $\beta\eta$-normal form. 
These two requirements together yield that the ordering must be reflexive, which 
makes it useless for proving termination. 

The solution presented in is to define two sets of functionals: the 
set of weakly monotonic functionals, and the set of strict functionals. Both come 
equipped with an order. The first is a superset of the set of hereditarily monotonic 
functionals and can be used for the interpretation of arbitrary $\lambda$-terms, the 
second is a subset of the set of hereditarily monotonic functionals and is used 
for the interpretation of the function symbols and variables of a higher-order 
rewriting system. Now all these ingredients are present in the definition of a 
termination model for a higher-order rewriting system, which is given as follows: 

1. Every base type is interpreted as a well-founded partial order with some 
additional property that guarantees the existence of weakly monotonic and 
strict functionals for all types. 

2. Function symbols of the higher-order rewriting system are interpreted as 
strict functionals. 

3. For every rewrite rule $l \to r$, we have $[\![l]\!] > [\![r]\!]$ in the weakly monotonic 
ordering. 

The two key results for the termination method are now as follows. First, 
whenever $[\![s]\!] > [\![t]\!]$ in the weakly monotonic ordering, we have in the strict ordering 
that $[\![C[s]]\!] > [\![C[t]]\!]$ with $C$ a context in $\beta\eta$-normal form, provided that function 
symbols and variables are interpreted strictly. Second, it is shown that $[\![s]\!] = [\![t]\!]$ 
if $s$ and $t$ are $\beta$-equal. This is used to prove the following. 

Theorem 5. A higher-order rewriting system is terminating if it has a 
termination model. 

The reverse of the statement does not hold; a simplification of a counterexample 
in is given in. The restriction that left-hand sides of the rewrite rules 
should be patterns is not necessary for the proof of the theorem. Further, a 
corollary is that the combination of a terminating first-order term rewriting 
system and simply typed $\lambda$-calculus with $\beta$-reduction is terminating. 

To illustrate the use of termination models, we consider as an example 
(taken from ) the higher-order rewriting system 
$\{\mathsf{and}(z, \mathsf{forall}(x.z'(x))) \to \mathsf{forall}(x.\mathsf{and}(z, z'(x)))\}$ with 
$\mathsf{and} : \mathsf{form} \to \mathsf{form} \to \mathsf{form}$ and $\mathsf{forall} : (\mathsf{term} \to \mathsf{form}) \to \mathsf{form}$. 
Intuitively, term represents the set of terms and form represents 
the set of formulas. Both are interpreted as the set of natural numbers. Further, 

• and is interpreted as $\lambda m, n \in \mathbb{N}.\ (2 \cdot m + 2 \cdot n)$, 

• forall is interpreted as $\lambda f \in \mathbb{N} \Rightarrow \mathbb{N}.\ (f(0) + 1)$. 

Now we have: 

$$
\begin{aligned}
[\![\mathsf{and}(z, \mathsf{forall}(x.z'(x)))]\!] &= 2 \cdot [\![z]\!] + 2 \cdot ([\![z']\!](0) + 1) \\
&> 2 \cdot [\![z]\!] + 2 \cdot [\![z']\!](0) + 1 \\
&= [\![\mathsf{forall}(x.\mathsf{and}(z, z'(x)))]\!].
\end{aligned}
$$



4.2 Recursive Path Ordering 

An important method to prove termination of a first-order term rewriting system 
is the one using the recursive path ordering. This ordering is roughly speaking 
defined by extending a well-founded ordering on function symbols in a recursive 
way. The two key results concerning the recursive path ordering are that it is 
a well-founded ordering on terms, and that $l > r$ implies $C[l\sigma] > C[r\sigma]$ for 
every context $C$ and every assignment $\sigma$. This yields the following method to 
prove termination of a first-order term rewriting system: define a well-founded 
ordering on the function symbols and show that in its extension to the recursive 
path ordering we have $l > r$ for every rewrite rule. 

Jouannaud and Rubio define in a recent paper a generalisation of the 
recursive path ordering to higher-order terms, and show that it provides a method 
to prove termination of higher-order term rewriting systems. The remarkable 
feature of their proof is that Kruskal’s Tree Theorem is not used to show 
well-foundedness of the recursive path ordering. 

To start with, we show that termination of the first-order term rewriting 
system $\{f(z, g(z')) \to g(f(z, z'))\}$ can be proved using the recursive path 
ordering. Taking $f > g$ as ordering on the function symbols yields that 
$f(z, g(z')) > g(f(z, z'))$ in the recursive path ordering: first, one is allowed to 
make copies of $f(z, g(z'))$ under a smaller function symbol ($g$), yielding 
$g(f(z, g(z')))$, and second, it is possible to get rid of the innermost symbol $g$ 
by selecting only its argument $z'$, yielding $f(z, g(z')) > g(f(z, z'))$. 
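
The two steps just described (copying under a smaller symbol, selecting an argument) are two of the three clauses of the first-order recursive path ordering. The following Python code is an added example, not code from the paper or from the work it cites: it assumes the multiset-status variant of the ordering with a total precedence and syntactic equality of arguments, uses a term encoding (tuples and strings) and function names chosen for this example, and covers first-order terms only. `find_precedence` automates the method by searching for a precedence that orients every rule.

```python
from itertools import permutations

def is_var(t):
    return isinstance(t, str)          # variables are strings; f(t1, t2) is ("f", t1, t2)

def mul_gt(ms, ns, gt):
    """Multiset extension of gt: cancel common elements, then every remaining
    element of ns must be dominated by some remaining element of ms."""
    ms, ns = list(ms), list(ns)
    for m in list(ms):
        if m in ns:
            ms.remove(m)
            ns.remove(m)
    return bool(ms) and all(any(gt(m, n) for m in ms) for n in ns)

def rpo_gt(s, t, prec):
    """s > t in the recursive path ordering (multiset status) induced by prec."""
    if is_var(s):
        return False
    gt = lambda a, b: rpo_gt(a, b, prec)
    if any(a == t or gt(a, t) for a in s[1:]):      # select an argument of s
        return True
    if is_var(t):
        return False
    if prec[s[0]] > prec[t[0]]:                     # copy s under a smaller symbol
        return all(gt(s, b) for b in t[1:])
    if s[0] == t[0]:                                # equal heads: compare arguments
        return mul_gt(s[1:], t[1:], gt)
    return False

def symbols(t):
    return set() if is_var(t) else {t[0]}.union(*map(symbols, t[1:]))

def find_precedence(rules):
    """Search all total precedences; return one (largest symbol first) under which
    l > r holds for every rule, or None if no total precedence orients the rules."""
    syms = sorted(set().union(*(symbols(l) | symbols(r) for l, r in rules)))
    for order in permutations(syms):
        prec = {f: len(order) - i for i, f in enumerate(order)}
        if all(rpo_gt(l, r, prec) for l, r in rules):
            return order
    return None

# The rule f(z, g(z')) -> g(f(z, z')) from the text.
PAGE_RULE = (("f", "z", ("g", "z'")), ("g", ("f", "z", "z'")))
# The system {f(a, x) -> c, b -> b} of Section 4.3, which is not terminating.
LOOPING = [(("f", ("a",), "x"), ("c",)), (("b",), ("b",))]
```

With the precedence f > g the rule is oriented from left to right; with g > f it is not, and for the looping system the search returns `None`.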

Next, we reconsider the higher-order term rewriting system of the previous 
subsection $\{\mathsf{and}(z, \mathsf{forall}(x.z'(x))) \to \mathsf{forall}(x.\mathsf{and}(z, z'(x)))\}$. The structure of 
this rewrite rule is similar to the one of the first-order example above. Taking as 
ordering on the function symbols $\mathsf{and} > \mathsf{forall}$ yields that 
$\mathsf{and}(z, \mathsf{forall}(x.z'(x))) > \mathsf{forall}(x.\mathsf{and}(z, z'(x)))$ in the recursive path ordering 
defined in. 

4.3 Outermost-Fair Rewriting 

It may occur that a term can be rewritten to normal form but is also the starting 
point of an infinite rewrite sequence: consider for example the term $f(a, b)$ in 
the rewriting system $\{f(a, x) \to c,\ b \to b\}$. In such a situation it is important to 
know how to rewrite the term such that eventually a normal form is obtained. 
In the case of $f(a, b)$, at some point the redex $f(a, b)$ should be contracted in 
order to reach the normal form $c$. A strategy can be seen as selecting one or more 
redex occurrences in a term that is not in normal form. A strategy is said to be 
normalising if repeatedly contracting redex occurrences selected by the strategy 
yields a normal form whenever the initial term has one. 

O’Donnell shows in that the parallel-outermost strategy, which contracts 
all redexes that are outermost in a term in one step, is normalising for first-order 
term rewriting systems that are left-linear, and where trivial critical pairs are 
only allowed in a certain restricted form. A stronger result obtained in 
is that outermost-fair rewriting is normalising. A rewrite sequence is said to 
be outermost-fair if every outermost redex occurrence is eliminated eventually. 
For example, in the rewriting system $\{a \to a,\ b \to c,\ f(c, x) \to f(b, x)\}$, the 
rewrite sequence $f(b, a) \to f(c, a) \to f(b, a) \to \ldots$ is outermost-fair, but the 
rewrite sequence $f(b, a) \to f(b, a) \to f(b, a) \to \ldots$ is not. A parallel-outermost 
rewrite sequence is outermost-fair, since in every step all outermost redexes are 
eliminated. Hence normalisation of the parallel-outermost strategy is a direct 
consequence of the normalisation of outermost-fair rewriting. 

The idea of the proof that outermost-fair rewriting is normalising as given 
in is roughly as follows. Consider a term $s$ that has a normal form $s'$. The 
intention is to show that all outermost-fair rewrite sequences starting in $s$ end in 
$s'$. We fix a rewrite sequence $f : s \twoheadrightarrow s'$ and proceed by induction on its length. 
If $f$ consists of zero steps, there is nothing to prove. If $f$ consists of one or more 
rewrite steps, then it is of the form $s \to t \twoheadrightarrow s'$. Let $d$ be an outermost-fair 
rewrite sequence starting in $s$. Now the rewrite sequence $d$ is projected over the 
rewrite step $s \to t$, as in the following picture, where $s_0 = s$ and $t_0 = t$: 

[Diagram: the rewrite sequence $d$, starting in $s_0$, is projected over the step 
$s \to t$, which yields the rewrite sequence $e$, starting in $t_0$.] 

Then the following is shown: 

1. If d is outermost-fair then e is outermost-fair. 

2. If d is outermost-fair and e ends in a normal form r, then d also ends in r. 

It now follows by the induction hypothesis that the outermost-fair rewrite se- 
quence d ends in the normal form s' of s. 

We don’t consider the proof in more detail here, but just discuss the 
restriction of left-linearity and the one imposed on critical pairs. 

An important observation is that outermost-fair rewriting is not normalising 
if a redex that is not outermost can create an outermost redex. This can 
happen if the rewriting system is not left-linear. Consider for instance 
$\{a \to b,\ f(x, x) \to b,\ g(x) \to g(x)\}$. The term $f(g(a), g(b))$ has a normal form, namely 
$b$, but it is not reached by the outermost-fair rewrite sequence 
$f(g(a), g(b)) \to f(g(a), g(b)) \to f(g(a), g(b)) \to \ldots$ in which alternatingly the 
redexes $g(a)$ and $g(b)$ are contracted. In a rewrite sequence from $f(g(a), g(b))$ to 
normal form, as for instance $f(g(a), g(b)) \to f(g(b), g(b)) \to b$, the contraction of 
the redex $a$, which is not outermost, creates the outermost redex $f(g(b), g(b))$. 
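
The behaviour of the two example systems of this subsection can be replayed with a small interpreter. The following Python code is an added example, not code from the paper: the term encoding, the function names and the step bound of 50 are assumptions of this example. It runs the parallel-outermost strategy, which is outermost-fair, and a leftmost-innermost strategy on $f(a, b)$, and then runs parallel-outermost on the non-left-linear system, where it loops although a normal form exists.

```python
def is_var(t):
    return isinstance(t, str)          # variables are strings; f(t1, t2) is ("f", t1, t2)

def match(pat, t, s):
    """Extend s so that pat instantiated by s equals t; None if impossible.
    A repeated variable (non-left-linear pattern) must match equal subterms."""
    if is_var(pat):
        if pat in s:
            return s if s[pat] == t else None
        return {**s, pat: t}
    if is_var(t) or pat[0] != t[0] or len(pat) != len(t):
        return None
    for p, u in zip(pat[1:], t[1:]):
        s = match(p, u, s)
        if s is None:
            return None
    return s

def inst(t, s):
    return s[t] if is_var(t) else (t[0],) + tuple(inst(a, s) for a in t[1:])

def contract(t, rules):
    """Contract t at the root with the first applicable rule; None if t is not a redex."""
    for l, r in rules:
        s = match(l, t, {})
        if s is not None:
            return inst(r, s)
    return None

def is_normal(t, rules):
    return is_var(t) or (contract(t, rules) is None
                         and all(is_normal(a, rules) for a in t[1:]))

def parallel_outermost(t, rules):
    """Contract all outermost redexes of t in one step."""
    if is_var(t):
        return t
    u = contract(t, rules)
    if u is not None:
        return u
    return (t[0],) + tuple(parallel_outermost(a, rules) for a in t[1:])

def leftmost_innermost(t, rules):
    """Contract the leftmost innermost redex of t; None if t is a normal form."""
    if is_var(t):
        return None
    for i, a in enumerate(t[1:], 1):
        b = leftmost_innermost(a, rules)
        if b is not None:
            return t[:i] + (b,) + t[i + 1:]
    return contract(t, rules)

def run(step, t, rules, max_steps=50):
    """Iterate a strategy; return the normal form, or None if none is reached."""
    for _ in range(max_steps):
        if is_normal(t, rules):
            return t
        t = step(t, rules)
    return None

A, B, C = ("a",), ("b",), ("c",)
LEFT_LINEAR = [(("f", A, "x"), C), (B, B)]                  # {f(a,x) -> c, b -> b}
NOT_LEFT_LINEAR = [(A, B), (("f", "x", "x"), B), (("g", "x"), ("g", "x"))]
START = ("f", ("g", A), ("g", B))                           # f(g(a), g(b))
```

In the second system `parallel_outermost(START, NOT_LEFT_LINEAR)` returns `START` unchanged, because the root only becomes a redex after the inner redex a has been contracted.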

Further, outermost-fair rewriting is not normalising if redex patterns 
interfere in an arbitrary way. The term $a$ in the rewriting system $\{a \to a,\ a \to b\}$ 
has a normal form which is not reached by the outermost-fair rewrite sequence 
$a \to a \to a \to \ldots$. This interference is ruled out by forbidding the presence 
of critical pairs. However, it doesn’t show that it is necessary to restrict 
attention to systems without critical pairs. Actually, the result in is obtained 
for rewriting systems where a special kind of critical pairs is allowed, namely 
the ones that are trivial and where the overlap is at the top. Rewriting systems 
that are left-linear and have only this kind of trivial pair, caused by overlap at 
the top, are said to be almost orthogonal. Almost orthogonal systems form a 
superclass of the orthogonal systems, and a subclass of the weakly orthogonal 
systems. The rewriting system $\{f(a) \to f(a),\ f(x) \to f(a)\}$ is almost orthogonal 
but not orthogonal. Note that its trivial critical pair is caused by an overlap at 
the top. The critical pair in $\{a \to a,\ f(a) \to f(a)\}$ is trivial but the overlap is 
not at the top; this system is weakly orthogonal but not almost orthogonal. 

The above discussion shows that it is necessary to restrict attention to left- 
linear systems (otherwise outermost-fair rewriting need not be normalising). It 
is however not yet clear whether the restriction to critical pairs that are trivial 
and have overlap at the top is necessary. We come back to this point below. 

The question arises whether the result of can be extended to the 
higher-order case. It turns out that this is indeed the case, provided an additional 
restriction on the rewriting systems is imposed. The point is that in 
higher-order rewriting, there is, due to the presence of bound variables, yet another 
way in which a redex that is not outermost can create an outermost redex. As 
a consequence, outermost-fair rewriting need not be normalising if this 
additional restriction is not imposed. The following example, due to Van Oostrom, 
shows the essence of the problem: $\{f(x.z) \to a,\ g(z) \to g(z),\ h(z) \to a\}$. The 
term $f(x.g(h(x)))$ has a normal form: $f(x.g(h(x))) \to f(x.g(a)) \to a$. However, 
this normal form is not reached by the outermost-fair rewrite sequence 
$f(x.g(h(x))) \to f(x.g(h(x))) \to f(x.g(h(x))) \to \ldots$. Note that contraction of the 
innermost redex $h(x)$ creates an outermost redex, namely $f(x.g(a))$, by erasing 
the bound variable; it is only possible to apply the first rewrite rule to a term of 
the form $f(x.t)$ if $t$ doesn’t contain free occurrences of $x$. This way of creating 
redexes is ruled out by disallowing the non-occur check as present in the 
example. Formally, this is done by requiring the rewrite rules to be fully extended, a 
notion which is defined as follows. 

Definition 4. 

1. Let $\vec{z}.l$ be a rule-pattern. An occurrence of $z \in \vec{z}$ in $l$ is fully extended if it 
is of the form $z(x_1, \ldots, x_n)$ with $x_1, \ldots, x_n$ all the variables bound above it. 

2. A rewrite rule $\vec{z}.l \to \vec{z}.r$ is fully extended if every occurrence of every $z_i \in \vec{z}$ 
in $l$ is fully extended. 

3. A higher-order rewriting system is fully extended if all its rewrite rules are. 

The rewrite rule $z.f(x.z(x)) \to r$ is fully extended. The rewrite rules $z.f(x.z) \to r$ 
and $\mathsf{abs}(x.\mathsf{app}(z, x)) \to z$ are not fully extended. Recall that $z.f(x.z(x, y))$ and 
$z.f(x.z(x, x))$ are not even rule-patterns. 

Now we come back to the restriction imposed on critical pairs. Recently, it is 
shown in that outermost-fair rewriting is normalising for weakly orthogonal 
rewriting systems, where arbitrary trivial pairs are allowed. It seems that the 
restriction to trivial critical pairs cannot be relaxed much more. Consider for 
instance the rewriting system $\{a \to b,\ g(x) \to g(x),\ f(g(b)) \to b\}$. It is parallel 
closed since we have $f(g(b)) \mathrel{-\!\!\parallel\!\!\to} b$. The term $f(g(a))$ has a normal form, namely $b$, 
but it is not reached by the outermost-fair rewrite sequence 
$f(g(a)) \to f(g(a)) \to f(g(a)) \to \ldots$. The proof presented in is abstract in nature and 
applies also to the case of higher-order rewriting. It makes use of ideas that are 
also present in. For proofs according to the sketch given above, see. 

Theorem 6. Outermost-fair rewriting is normalising for higher-order rewriting 
systems that are weakly orthogonal and fully extended. 

1 Introduction 

Maude is a high-performance language and system supporting both equational 
and rewriting logic computation for a wide range of applications, including devel- 
opment of theorem proving tools, language prototyping, executable specification 
and analysis of concurrent and distributed systems, and logical framework ap- 
plications in which other logics are represented, translated, and executed. 

Maude’s functional modules are theories in membership equational logic, 
a Horn logic whose atomic sentences are either equalities $t = t'$ or membership 
assertions of the form $t : s$, stating that a term $t$ has a certain sort $s$. Such a logic 
extends OBJ3’s order-sorted equational logic and supports sorts, subsorts, 
subsort polymorphic overloading of operators, and definition of partial functions 
with equationally defined domains. Maude’s functional modules are assumed 
to be Church-Rosser; they are executed by the Maude engine according to the 
rewriting techniques and operational semantics developed in. 

Membership equational logic is a sublogic of rewriting logic. A rewrite 
theory is a pair (T, R) with T a membership equational theory, and R a collection 
of labeled and possibly conditional rewrite rules involving terms in the signature 
of T. Maude’s system modules are rewrite theories in exactly this sense. The 
rewrite rules $r : t \to t'$ in R are not equations. Computationally, they are 
interpreted as local transition rules in a possibly concurrent system. Logically, they 
are interpreted as inference rules in a logical system. This makes rewriting logic 
both a general semantic framework to specify concurrent systems and languages, 
and a general logical framework to represent and execute different logics. 

* Supported by DARPA through Rome Laboratories Contract F30602-97-C-0312, by 
DARPA and NASA through Contract NAS2-98073, by Office of Naval Research 
Contract N00014-96-C-0114, and by National Science Foundation Grant CCR-9633363. 

P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 240-^^^ 1999. 

(c) Springer-Verlag Berlin Heidelberg 1999 

Rewriting in (T, R) happens modulo the equational axioms in T. Maude 
supports rewriting modulo different combinations of associativity, commutativity, 
identity, and idempotency axioms. The rules in R need not be Church-Rosser 
and need not be terminating. Many different rewriting paths are then possible; 
therefore, the choice of appropriate strategies is crucial for executing rewrite 
theories. In Maude, such strategies are not an extra-logical part of the language. 
They are instead internal strategies defined by rewrite theories at the metalevel. 
This is because rewriting logic is reflective in the precise sense of having a 
universal theory U that can represent any finitely presented rewrite theory T 
(including U itself) and any terms t, t' in T as terms $\overline{T}$ and $\overline{t}$, $\overline{t'}$ in U, so that we 
have the following equivalence 

T'rt — >t' ^ 

Since U is representable in itself, we can then achieve a “reflective tower” with 
an arbitrary number of levels of reflection. Maude efficiently supports this reflec- 
tive tower through its META-LEVEL module, which makes possible not only the 
declarative definition and execution of user-definable rewriting strategies, but 
also many other applications, including an extensible module algebra of param- 
eterized module operations that is defined and executed within the logic. 

This extensibility by reflection is exploited in Maude’s design and 
implementation. Core Maude (Section 2) supports module hierarchies consisting of 
(unparameterized) functional and system modules and provides the META-LEVEL 
module. Full Maude (Section 3) is an extension of Core Maude written in Core 
Maude itself that supports a module algebra of parameterized modules, views, 
and module expressions in the OBJ style as well as object-oriented modules 
with convenient syntax for object-oriented applications. The paper ends with 
a summary of different applications (Section 4). The Maude 1.0 system and its 
documentation have been available for distribution (free of charge) since January 
1999 through the Maude web page http://maude.csl.sri.com. 

2 Core Maude 

The Maude system is built around the Core Maude interpreter, which accepts 
module hierarchies of (unparameterized) functional and system modules with 
user-definable mixfix syntax. It is implemented in C++ and consists of two 
parts: the rewrite engine, and the mixfix frontend. 

The rewrite engine is highly modular and does not contain any Maude- 
specific code. Two key components are the “core” module and the “interface” 
module. The core module contains classes for objects which are not specific to 
an equational theory, such as equations, rules, sorts, and connected sort com- 
ponents. The “interface” module contains abstract base classes for objects that 
may have a different representation in different equational theories, such as sym- 
bols, term nodes, dag nodes, and matching automata. New equational theories 
can be “plugged in” by deriving from the classes in the “interface” module. To 
date, all combinations of associativity, commutativity, left and right identity and 
idempotence have been implemented apart from those that contain both associa- 
tivity and idempotence. New built in symbols with special rewriting (equation 
or rule) semantics may be easily added. 

The engine is designed to provide the look and feel of an interpreter with 
hooks for source level tracing/debugging and user interrupt handling. These 
goals prevent a number of optimizations that one would normally implement in 
a compiler, such as transforming the user’s term rewriting system, or keeping 
pending evaluations on a stack and only building reduced terms. The actual 
implementation is a semi-compiler where the term rewriting system is compiled to 
a system of tables and automata, which is then interpreted. Typical performance 
with the current version is 800K-840K free-theory rewrites per second and 
27K-111K associative-commutative (AC) rewrites per second on standard hardware 
(300MHz Pentium II). The figure for AC rewriting is highly dependent on the 
complexity of the AC patterns (AC matching is NP-complete) and the size of 
the AC subjects. The above results were obtained using fairly simple linear and 
non-linear patterns and large (hundreds of nested AC operators) subjects. 

The mixfix frontend consists of a bison/flex-based parser for Maude’s 
surface syntax, a grammar generator (which generates the context free grammar 
for the user-definable mixfix syntax in a module together with some built-in 
extensions), a context free parser generator, a mixfix pretty printer, a fully 
reentrant debugger, the built-in functions for quoted identifiers and the META-LEVEL 
module, together with a considerable amount of “glue” code holding everything 
together. Many of the C++ classes are derived from those in the rewrite 
engine. The Maude parser generator (MSCP) is implemented using SCP as the 
formal kernel. The techniques used include $\beta$-extended CFGs (that is, CFGs 
extended with “bubbles” (strings of tokens) and precedence/gather patterns). 
MSCP provides efficient treatment of syntactic reflection, and a basis for flexible 
syntax definition. 

In Maude, key functionality of the universal theory U has been efficiently 
implemented in the functional module META-LEVEL. In META-LEVEL Maude terms 
are reified as elements of a data type Term, and Maude modules are reified 
as terms in a data type Module. The processes of reducing a term to normal 
form in a functional module and of rewriting a term in a system module using 
Maude’s default interpreter are respectively reified by functions meta-reduce 
and meta-rewrite. Similarly, the process of applying a rule of a system module 
to a subject term is reified by a function meta-apply. Furthermore, parsing and 
pretty printing of a term in a signature, as well as key sort operations are also 
reified by corresponding metalevel functions. 



3 Full Maude 

Using reflection Core Maude can be extended to a much richer language with 
an extensible module algebra of module operations that can make Maude mod- 
ules highly reusable. The basic idea is that the META-LEVEL module can be 
extended with new data types — extending the Module sort of flat modules to 
structured and parameterized modules — and with new functions corresponding 
to new module operations — such as instantiation of parameterized modules by 
views, flattening of module hierarchies into single modules, desugaring of object- 
oriented modules into system modules, and so on. All such new types and oper- 
ations can be defined in Core Maude. Using the meta-parsing and meta-pretty 
printing functions in META-LEVEL and a simple LOOP-MODE module providing
input/output we have developed in Core Maude a user interface for Full Maude. At
present, Full Maude supports all of Core Maude plus object-oriented modules, 
parameterized modules, theories with loose semantics to state formal require- 
ments in parameters, views to bind parameter theories to their instances, and 
module expressions instantiating and composing parameterized modules. 

4 Applications 

Maude is an attractive formal meta-tool for building many advanced applica- 
tions and formal tools. The largest application so far is Full Maude (7,000 lines 
of Maude code). Other substantial applications include: an inductive theorem 
prover; a Church-Rosser checker (both part of a formal environment for Maude 
and for the CafeOBJ language); an HOL to Nuprl translator; and a translator
from J. Millen’s CAPSL specification language to the CIL intermediate language.
In addition, several language interpreters and strategy languages, several
object-oriented specifications — including cryptographic protocols and network 
applications — and a variety of executable translations mapping logics, architec- 
tural description languages and models of computation into the rewriting logic 
reflective framework have been developed by different authors.

Abstract. TOY is the concrete implementation of CRWL, a wide theoretical
framework for declarative programming whose basis is a constructor
based rewriting logic with lazy non-deterministic functions as the
core notion. Other aspects of CRWL supported by TOY are: polymorphic
types; HO features; equality and disequality constraints over terms
and linear constraints over real numbers; goal solving by needed narrowing
combined with constraint solving. The implementation is based on a
compilation of TOY programs into Prolog.



1 Introduction 

TOY is a system for multiparadigm declarative programming which encompasses
(and extends in some interesting ways) functional programming (FP),
logic programming (LP) and constraint programming. The system has been
made publicly available (at http://mozart.sip.ucm.es/toy), and we have
developed for it a variety of interesting programs and programming methodologies.

As with many other narrowing-based FP+LP proposals (see for a survey),
the starting point of TOY can be described as follows: rewrite systems
can be seen as functional programs, and rewriting performs evaluation. The use
of narrowing instead of rewriting results in goal solving capabilities, turning the
rewrite system into a functional logic program. When seen as rewrite systems,
TOY programs have the following characteristics:

1. They follow a constructor discipline. Rules use linear constructor-made 
patterns in left-hand sides. 

2. They can be non-terminating and non-confluent. Therefore TOY programs
serve to compute non-deterministic lazy functions, which turn out to be a useful
tool for programming. As a particular source of non-confluence, TOY allows
extra variables to appear in right-hand sides of rules.

3. They use constrained conditional rules for defining functions. TOY can
manage equality and disequality constraints over constructor terms, and linear
constraints over real numbers.

4. They may be higher order. TOY's approach to HO features is based on
an intensional view of functions: functions, when partially applied, behave as
data constructors, and can be used to form HO patterns which, in particular,
can appear in left-hand sides of rules and also in answers.

* The authors have been partially supported by the Spanish CICYT (project TIC

5. They are polymorphically typed. Types are inferred (optionally declared)
according to the Hindley-Milner system.

6. As goal solving mechanism, TOY uses a suitable combination of lazy
narrowing (with a sophisticated strategy, called demand driven or needed
narrowing) and constraint solving. Alternative solutions for a given goal
are obtained by backtracking.



2 TOY in the FLP context

TOY implements a wide theoretical framework (called CRWL) for declarative
programming. The first order untyped core of the framework can be found in
HO features were included in Polymorphic types (and also
algebraic types, not yet implemented in TOY) are addressed in
and further extended with constraints in The concrete lazy
narrowing strategy adopted by TOY is studied in and formally
justified within the CRWL-framework in

TOY is an evolution of BABEL, a functional logic language with a
much more restrictive class of programs (confluent, no constraints, more limited
HO features). Among other proposals for FLP with publicly available implementations,
the most related one is Curry, a still in progress initiative for
developing a ‘standard’ FLP language. TOY and Curry share many characteristics,
but there are still remarkable differences:

* Curry’s operational model, which combines lazy narrowing and residuation,
was proposed and formally justified for certain kinds of unconditional
confluent programs. For practical reasons, Curry now accepts conditional rules
and non-deterministic functions, but they lie outside its formal foundations.

* Curry contemplates constraints as a special kind of expressions, but in fact
only equality constraints are considered. Constraints are also outside the formal
foundations of Curry.

* Curry does not contemplate HO patterns nor HO logical computations.



3 Programming in TOY

The table below contains a small program showing some of TOY's abilities,
together with some goals and the corresponding answers. TOY borrows from
Haskell most of its syntax, with the exception that variables begin with upper-case
letters while constructor and function symbols use lower-case.

The goal (a) in the table sorts a list, in a pure functional computation. Goal
(b) sorts a list with a variable as one of its elements; the three given answers
include linear constraints over that variable. The answer for goal (c) involves a
syntactic disequality. In goal (d) F is a higher order logic variable; the obtained
values for this variable are higher order patterns (permut, sort, ...).

% Non-deterministic choice of one of two values
infixr 40 //
X // Y = X
X // Y = Y

% Non-deterministic insertion of an element into a list
insert X [] = [X]
insert X [Y|Ys] = [X,Y|Ys] // [Y|insert X Ys]

% Non-deterministic generation of permutations of a list
permut [] = []
permut [X|Xs] = insert X (permut Xs)

% Tests if a list of numbers is sorted
sorted [] = true
sorted [X] = true
sorted [X,Y|Ys] = sorted [Y|Ys] <== X <= Y

% Lazy ‘generate-and-test’ permutation sort. ’check’ calls ’sorted’ which demands
% its argument, which is lazily non-deterministically generated by ’permut’.
% As soon as the test fails, ’permut’ stops the generation and tries another
% alternative for the last choice it made
sort Xs = check (permut Xs)
check Xs = Xs <== sorted Xs == true



Goal                            Answers

(a) sort [4,2,5,1,3] == L       L == [1,2,3,4,5]; no more solutions
(b) sort [3,2,X] == L           L == [X,2,3] {X=<2}; L == [2,X,3] {X>=2,X=<3};
                                L == [2,3,X] {X>=3}; no more solutions
(c) sort [3,2,1] /= L           L /= [1,2,3]; no more solutions
(d) F [2,1,3] == [1,2,3]        F == permut; F == sort; ...



4 Implementation of TOY

At its outer level, TOY behaves as a small command interpreter to be executed
within a Sicstus Prolog session. There are commands for compiling, running and
editing programs, solving goals, showing type information, ...

The core of TOY's implementation is a process of compilation to Prolog:
any TOY program is translated into a set of clauses that reproduce, when
executed with Prolog, the expected behaviour of the source program under
TOY’s own operational model. Common to all TOY programs are the clauses
for constraint solving. For equality and disequality constraints (over constructor
terms), reduction of arguments is interleaved with occur-check and check for
constructor clashes. Disequalities with the form X /= t, where t is a constructor
term, are in solved form and kept in a store, which must be ‘awoken’ if
in a later step X becomes bound. For solving a linear constraint e o e' (with
o ∈ {<, >, =<, >=, ==, /=}), e and e' are reduced to normal forms t and t' and
then the Sicstus linear constraint solver is invoked to solve t o t'. When a computation
is finished, all the stored constraints are conveniently projected over the
set of relevant variables for taking part in the answer.

Some other clauses are heavily dependent on the source program. The most
important ones are those which control the computation of head normal forms
for function calls. They must use the rules of the source TOY program so that
TOY’s demand driven strategy is reflected. For this purpose, we built the
definitional tree (see of each function, from which the Prolog code is
extracted.

Although its performance is not very impressive, TOY easily supports the
development of medium size programs. The largest TOY program of which we
are aware (a partial evaluator for functional logic programs) contains about 200
function definitions and 1500 lines of TOY code.

1 Combining Unification Algorithms

Equational unification algorithms can be used in resolution based theorem provers
and rewriting engines to improve their handling of equality. Originally, the
requirements of these theorem provers and rewrite engines were such that the
unification algorithms had to compute complete sets of unifiers. But with the
advent of constraint based approaches to theorem proving and rewriting,
the interest in unification algorithms that worked merely as decision procedures
grew because minimal complete sets of unifiers can be very large - e.g., doubly
exponential in the number of variables of the problem in the case of the theory
AC - and are hence costly to compute.

Because actual unification problems usually contain function symbols from
several different signatures, the following combination problem is an important
task in unification theory: Given unification algorithms for equational theories
E1, E2, ..., En over pairwise disjoint signatures, provide a general method that
gives a unification algorithm for the union E1 ∪ E2 ∪ ... ∪ En of these theories.
Solutions for this problem were provided by Schmidt-Schauß and Boudet
for the combination of algorithms calculating complete sets of unifiers and
by Baader and Schulz for combining decision procedures. The combination
algorithm presented there is mostly of theoretical interest: it contains many
non-deterministic decisions, so the search space that this algorithm spans is
so huge that it is unusable for practical implementations. Therefore the authors
developed optimisation methods for the combination algorithm by Baader
and Schulz to gain an implementation that can be used in practice. This
implementation is UniMoK.

UniMoK stands for UNification Module for Keim. It contains algorithms
for unification in certain equational theories and it provides several combination
methods for them. All combination algorithms in UniMoK are extensions and
optimisations of the combination method by Baader and Schulz.

* This work was supported by a DFG grant (SPP “Deduktion”) and by the Esprit 
working group 22457 - GGL II of the EU. 



P. Narendran and M. Rusinowitch (Eds.); RTA’99, LNCS 1631, pp. 248-^^^ 1999. 
(c) Springer-Verlag Berlin Heidelberg 1999 



UniMoK: a System for Combining Equational Unification Algorithms 249 



2 Basic Algorithms 

The first aim of UniMoK is to provide an implementation of the combination
method by Baader and Schulz and suitable component algorithms for some
theories. The combination method of Baader and Schulz requires component
algorithms that can solve so-called Ei-unification problems with linear constant
restrictions (LCR) for the component theories Ei to be combined. An Ei-unification
problem with LCR consists of a set of equations E and a linear order < on
the variables and constants of E, where the terms in E are built from variables,
free constants, and the signature of Ei. A substitution σ is a unifier of (E, <)
if σ(s) =_Ei σ(t) for all equations s = t ∈ E and if σ(x) does not contain any
constant a with x < a for all variables x ∈ E.
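The definition above, worked through for the free theory as an added example (Python written for this text, not UniMoK's Common Lisp code). The term encoding and the names mgu and unify_with_lcr are assumptions of the example; for syntactic unification it is enough to test the restriction on the most general unifier, because every other unifier is an instance of it and keeps the constants it contains.

```python
# Terms: a variable is a str; any other term is a tuple (symbol, arg1, ..., argn).
# A free constant is a 1-tuple such as ("a",).

def is_var(t):
    return isinstance(t, str)

def walk(t, subst):
    """Follow variable bindings until an unbound variable or a non-variable term."""
    while is_var(t) and t in subst:
        t = subst[t]
    return t

def occurs(v, t, subst):
    t = walk(t, subst)
    if is_var(t):
        return t == v
    return any(occurs(v, arg, subst) for arg in t[1:])

def mgu(equations):
    """Syntactic unification with occur-check; returns a triangular substitution."""
    subst, todo = {}, list(equations)
    while todo:
        s, t = todo.pop()
        s, t = walk(s, subst), walk(t, subst)
        if s == t:
            continue
        if is_var(s):
            if occurs(s, t, subst):
                return None
            subst[s] = t
        elif is_var(t):
            todo.append((t, s))
        elif s[0] != t[0] or len(s) != len(t):
            return None                      # symbol clash
        else:
            todo.extend(zip(s[1:], t[1:]))
    return subst

def apply(t, subst):
    """Fully instantiate t under the triangular substitution."""
    t = walk(t, subst)
    if is_var(t):
        return t
    return (t[0],) + tuple(apply(arg, subst) for arg in t[1:])

def constants_in(t, free_constants):
    if is_var(t):
        return set()
    found = {t[0]} if len(t) == 1 and t[0] in free_constants else set()
    for arg in t[1:]:
        found |= constants_in(arg, free_constants)
    return found

def unify_with_lcr(equations, order, variables):
    """order lists variable and constant names from smallest to largest.

    Returns {x: sigma(x)} if the mgu respects the linear constant restriction
    (sigma(x) contains no constant a with x < a), otherwise None.
    """
    subst = mgu(equations)
    if subst is None:
        return None
    rank = {name: i for i, name in enumerate(order)}
    free_constants = set(order) - set(variables)
    solution = {}
    for x in variables:
        image = apply(x, subst)
        if any(rank[x] < rank[a] for a in constants_in(image, free_constants)):
            return None
        solution[x] = image
    return solution

# Constructed sample problem: f(X, a) = f(b, Y)
PROBLEM = [(("f", "X", ("a",)), ("f", ("b",), "Y"))]
```

The same equations are solvable under the order b < X < a < Y but not under X < a < b < Y, since the only candidate binds X to b.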

UniMoK offers algorithms for solving unification problems with LCR for the 
following equational theories: 

— the free theory (syntactic unification),

— the theory A of an associative function symbol
(with a depth bound, not the Makanin decision procedure),

— the theory AC of an associative and commutative function symbol,

— the theory ACI of an associative, commutative and idempotent function
symbol,

— the theory BR of Boolean rings.

For most of these theories, the algorithm could be easily obtained by
extending an existing algorithm for unification with constants. For the theory of
Boolean rings, a method for constant elimination (see [9]) is used.

All these algorithms were implemented as decision procedures and as algo- 
rithms computing complete sets of unifiers. The implementation of the combi- 
nation algorithm can cope with both kinds of algorithms, i.e., it can work as a 
decision procedure itself or compute complete sets of unifiers. 

The combination algorithm of Baader and Schulz can also be used to combine
constraint solvers for so-called quasi-free structures. Unification algorithms
are a special case of such constraint solvers. In order to use this property,
component algorithms for rational trees and for feature structures were implemented.



3 Optimised Algorithms 

The naive implementation of the combination method of Baader and Schulz is
mostly for experimental purposes. Due to its large search space of
non-deterministic choices this method is not useful for most practical problems. Therefore
the authors developed an optimisation technique for this combination method
called the deductive method. The implementation of this deductive method
is the central and most interesting part of UniMoK. In short, many decisions
in the combination algorithms need not be non-deterministically guessed but
can be deduced on the basis of one of the component theories involved, the
unification problem given, and other decisions already made. Hence the deductive
combination algorithm consults the component theories to see whether they can deduce that
certain decisions have to be made deterministically in order for their subproblems
to remain solvable. If a component returns such a decision, this decision might
enable other components to deduce further decisions. If this process comes to
an end before all decisions have been made, the combination algorithm has to
make a non-deterministic choice. With this choice it can consult the components
again.

The method obviously demands special deductive component algorithms that 
can deduce such decisions. An equational theory for which only a unification 
algorithm for problems with LCR exists, can still be used in this combination 
method but it does not contribute to the deductive process. UniMoK provides 
component algorithms computing decisions for the free theory and the theories 
A, AC, and ACI, for rational trees and feature structures. It also contains general 
algorithms for collapse-free and regular theories. 

Due to its modular, object-oriented approach, UniMoK is simple to extend.
To add a new equational theory E, one has to provide a method for deciding
E-unification problems with LCR. In order to contribute to the optimisation,
there should also be a method for participating in the deductive process. This
is a method that takes a unification problem and a partially specified linear
constant restriction as input and returns more information on the decisions to
be made.

4 Implementation and Experimental Results 

UniMoK is implemented in Common Lisp on the basis of the theorem prover
development tool box Keim. Keim is an open, modular, object-oriented system
geared towards ease of use and extensibility, rapid prototyping and universality.
It is not designed towards run-time efficiency. To use UniMoK, an installation
of Keim is required. UniMoK, thereby, becomes a part of Keim, and theorem
provers developed in Keim can use UniMoK for equational unification. In
contrast to Keim, a major design goal behind UniMoK is the development of
efficient code. Basically, all that is needed from Keim is the module for first order
terms, which could possibly be replaced with sustainable effort by something
more efficient, if needed.

Experimental results show that the order in which the remaining
non-deterministic decisions are selected is crucial for the deductive combination
method. The authors previously presented the so-called iterative strategy, which
chooses all non-deterministic decisions for one component first before proceeding
to choices for the next component. Run time tests showed that this strategy is
superior for the example problems used there.

However, new run time tests show that this is not true in general. The
following table contains sets of example problems solved with the deductive
combination method. The problems are randomly generated on the basis of a signature
containing several A, AC, ACI and free function symbols. Each set contains 200
problems; roughly half of the problems in each set are unifiable. All run times
are in seconds. The ‘bktrk’ column gives the number of backtracking steps.

        Ded+Iter          Ded
Set    time   bktrk    time   bktrk
  1     816    1953      81     152
  2     232     780     >1h
  3     330     800    1158    1982
  4      58     250      42     110
  5    1362    3971     141     401
  6     >1h             103     295
  7     676    2217     189     689
  8      19       1      19       1
  9      67      33      75      33
 10      16       1      15       1
 11      20       7      21      10
 12      21       8      21       8
 13      32      50      31      30
 14      21      47      26      22
 15     154     394    3931   12335
 16      26      50      30      31
 17     319    1116      83     147
 18    1250    2627      44     107
 19     178     462      58     169
 20      99     414      43     159


For some sets, e.g., sets 1, 5, and 6, the iterative strategy (‘Ded+Iter’) is
much worse than the default strategy (‘Ded’) where all decisions of a certain
kind (i.e., identifications) are made first; for other sets (2, 3, 15) the
iterative strategy is still superior.

Further experiments are needed to develop a strategy combining the strengths 
of both strategies. Making the component theories choose the next non-deter- 
ministic decision might be another option to enhance the selection strategy. 

UniMoK is available at
http://www-lti.informatik.rwth-aachen.de/Forschung/unimok.html.

1 Introduction

Fast rewriting is needed for equational programming, rewrite based formal verification
methods, and symbolic computing systems such as Maple/Mathematica. In any
implementation of rewriting techniques efficiency is a critical issue. At the University of
Houston we have been developing and evaluating the LR² system for fast rewriting for
the last several years. There are two motivations for LR²: we plan to use it for formal
verification approaches that include rewriting, and as a testbed for innovating rewriting
algorithms that are fast and efficient in practice.

LR² consists of a term graph interpreter TGR, and a term graph rewriter that stores
the history of its reductions, called Smaran, based on the congruence closure
approach. The input to LR² is a program representing a convergent rewrite system
(a different version allows orthogonal systems) and an input term. Similar to algebraic
specification languages like OBJ, ASF+SDF and ELAN, a program is composed from
modules. Each module defines its own signature and rewriting rules. A module can
import other modules. Terms in LR² are written in prefix form. The language of LR²
contains built-in datatypes, viz., integers, floating-point numbers, booleans, characters,
sets, multisets, and strings with associated operations. The set datatype supports the
usual operations. The string datatype supports membership and indexing operations.

LR² also includes a variant detector that can determine if a new term is an
alphabetic variant of an existing term, which is currently usable with the history option. If so,
the appropriate variant of the result computed for the existing term is used for further
rewriting instead of starting from scratch. LR² also allows a compact form for storing
lists of arithmetic progressions as these occur frequently. Instead of storing the entire
list, LR² stores the initial value, the final value and the difference. LR² provides a set
of commands so that it can be called by other systems using UNIX message passing.

LR² provides a variety of options to control the amount of history that is stored,
if the user chooses the history option. The default using Smaran is to save the results
of each rewrite step in a compact data structure. The language of LR² allows
annotating specific functions with the keyword “memo”. This saves all the results of
rewriting terms that have the specified function symbol at the root. The Delete (history)
option in LR² deletes the entire history of rewrites performed so far, except for
the given term and its latest reduct, after every i rewrite steps, where i can be specified
by the user. Another option is to delete the entire history except the given term and the
latest reduct as soon as the free user memory drops to a user-specified percentage of
total available memory. Options can be combined in any way to suit the application.
However, the delete option overrides the other options.

* Partially supported by NSF grant CCR-9732186

* A preliminary version of Smaran with fewer options was demonstrated at RTA 93.

Operators can be declared AC in LR². However, currently only left-linear rules
with AC operators can be handled; the matching algorithm for nonlinear rules with AC
operators is in the testing phase. In the next section we discuss selected optimizations,
and in Section 3 we present some performance results and comparisons.



2 Select Optimizations 

In the design and implementation of LR² we have attempted to achieve efficiency
through both high-level optimizations such as the normalization strategy reported
earlier in 13] and also low-level optimizations such as encoding all strings by integers to
replace string operations with less expensive integer operators. For lack of space,
we mention here only a few of the key optimizations in LR².

For the Smaran subsystem, we experimented with alternative representations and
chose the most efficient one. We have replaced the earlier use of several large arrays by
a more dynamic data structure that uses a single array, with interconnected lists for each
class, and balanced search trees. A signature is stored only in one location and all other
data structures address this location. We changed the components of a signature from
class numbers to actual pointers to other signatures. A union operation is a
constant-time operation implemented by setting a pointer from the root of one class to the root
of the other. Of course, after several union operations, the chains of pointers that must
be followed can become quite long. Hence we employ the standard technique of path
compression on these chains, when obtaining the class number of a signature.

Bottom-up algorithms. The second optimization that is crucial to the efficiency of
built-in datatypes is the use of bottom-up algorithms for computations involving the
built-in datatypes. The result of this change can be seen for instance in the Fibonacci
program, which requires relatively more arithmetic computations than reductions. Here
the speed-up over the previous version ranges from 5 to 10 depending on the input term.

Matching and Construction of Signatures. The third major optimization is the use of
discrimination trees for matching in LR², with a variable list for keeping track of the
substitutions for variables to handle consistency checks. The discrimination tree
representation is novel in that we do a breadth-first scan of the set of rules and each level of
the tree is linked to eliminate expensive recursive calls. Since all strings are encoded as
integers in LR², the integer encodings for the variables, which are saved in the record
for the variables, are used for indexing into the variable list. The use of
discrimination trees gives substantial reduction in time for large sets and/or terms requiring over
50000 reductions. For example, for the input term sieve(from(2, 2000), 500), which
constructs a list of 2000 numbers starting from 2 and then extracts up to 500 primes
from it, the reduction time is almost 25% when discrimination trees are used. We have
also adopted a dual representation of rules in LR² in which the left-hand sides are stored
top-down and right-hand sides are stored bottom-up. With this representation
construction of the right-hand side instance for TGR or its signature for Smaran on a successful
match is accomplished more efficiently in a bottom-up manner without any expensive
recursions. Finally, we have implemented incremental matching algorithms in LR² for
enhanced efficiency in theorem proving applications. In such applications, new rules
may be created or existing rules deleted, hence we have designed the discrimination
tree structure so that it can efficiently support deletion and insertion operations.

Dependency lists. The fourth optimization that is crucial to the Smaran subsystem in
LR² is the handling of dependency lists. To update signatures when a class is unioned
with another class, we associated a dependency list with each class in Smaran. All
signatures to be updated when this class changes are put on its dependency list. The
previous version of Smaran handled dependency lists in an eager manner.

In the latest version we have modified the structure and implemented a lazier algo- 
rithm. One optimization is that we identify classes on which potentially large number 
of signatures can depend, e.g., the classes containing the boolean constants true and 
false, and do not create dependency lists for these classes and ensure that these classes 
are not merged into any other class. More importantly, we take into account the sizes of 
the dependency lists to decide which class to union into the other. This turns out to be 
more efficient than weighted union with the sizes of the classes. We also keep track of 
a signature’s location in the dependency list to avoid subsequent searches. 
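The union-by-pointer, path compression and dependency-list handling described in this section, as an added example in Python (written for this text; it is not LR²'s C code). The class and method names, the pinned flag standing for classes such as true and false, and the immediate re-keying of dependent signatures are assumptions of the example.

```python
class CongruenceClosure:
    """Signature table over a union-find forest with per-class dependency lists."""

    def __init__(self):
        self.parent = []     # union-find forest; a node id is its initial class id
        self.key = []        # key[n]: current signature (symbol, arg class roots)
        self.deps = []       # deps[c]: nodes whose signature mentions class c
        self.table = {}      # signature -> node id; each signature stored once
        self.pinned = set()  # classes that get no dependency list

    def find(self, c):
        root = c
        while self.parent[root] != root:
            root = self.parent[root]
        while self.parent[c] != root:            # path compression
            self.parent[c], c = root, self.parent[c]
        return root

    def add(self, symbol, *args, pinned=False):
        """Intern the term symbol(args); args are ids returned by earlier calls."""
        sig = (symbol, tuple(self.find(a) for a in args))
        if sig in self.table:
            return self.table[sig]
        n = len(self.parent)
        self.parent.append(n)
        self.key.append(sig)
        self.deps.append([])
        self.table[sig] = n
        if pinned:
            self.pinned.add(n)
        for root in set(sig[1]):
            if root not in self.pinned:          # no list for pinned classes
                self.deps[root].append(n)
        return n

    def union(self, a, b):
        """Record a = b (e.g. a rewrote to b) and propagate congruences."""
        pending = [(a, b)]
        while pending:
            a, b = pending.pop()
            ra, rb = self.find(a), self.find(b)
            if ra == rb:
                continue
            if ra in self.pinned and rb in self.pinned:
                raise ValueError("two pinned classes would be merged")
            # A pinned class always stays the root; otherwise the class with the
            # shorter dependency list is merged into the other one.
            if ra in self.pinned or (rb not in self.pinned
                                     and len(self.deps[ra]) > len(self.deps[rb])):
                ra, rb = rb, ra
            self.parent[ra] = rb                 # constant-time union
            moved, self.deps[ra] = self.deps[ra], []
            for n in moved:                      # signatures that mention ra
                if self.table.get(self.key[n]) == n:
                    del self.table[self.key[n]]
                symbol, args = self.key[n]
                self.key[n] = (symbol, tuple(self.find(x) for x in args))
                other = self.table.setdefault(self.key[n], n)
                if other != n:
                    pending.append((n, other))   # congruent signatures collide
                if rb not in self.pinned:
                    self.deps[rb].append(n)
```

Because a pinned class is never merged into another class, its root never changes, so signatures that mention it never need re-keying and no list of them has to be kept.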

Memory Allocation and Hashing. LR² recycles space using free lists for various data
structures and it has its own memory allocation and deallocation routines. Finally, for
the hashing of strings and signatures we use improved hashing algorithms that are
efficiently computable. Practical studies have shown that we get better distribution of
values with fewer collisions with the new algorithms. These involve the use of
randomization.

3 Results and Comparisons 

Because of space limitations, we present only a few experimental results to illustrate the
level of efficiency achieved by LR². LR² is implemented in C and runs on Sun/DEC
workstations. Table 1 summarizes results for four benchmarks: Fib - naive fibonacci,
huff - to compute huffman codes for a file containing n distinct characters, qsort
- quicksort program for a list of n numbers, and primes - naive sieve for first n
prime numbers. Input for primes is sieve(from(2, 6000), 800). Construction of the
list from(2, 6000) takes 1.42 seconds for Smaran and 0.42 seconds for TGR and is
included in the results. Results for quicksort are for the worst case. Note that history is
not useful at all for huff, primes, and qsort.

Program        TGR (s)   Classes              Reductions   Computations
Fib(800.0)        -         1604      1.99         1602           3198
huff(700)       18.38     167803     22.74       327585         163675
qsort(500)      16.01     254004     33.77       628253         250501
primes(800)     21.46     326836     39.72       651314         656529

Table 1. Experimental Results

To illustrate the options of LR², we ran
it with the history and delete options but all functions except a dummy were specified
“no memo” for sieve(from(2, 20000), 2500) achieving: reductions 5259141,
computations 5276867, number of classes 272643, in 219.64 seconds.

Comparison with other systems. We understand the difficulties of comparing software
systems using experimental results, which can be sensitive to the choice of benchmarks,
architectures, etc. However, to illustrate the level of efficiency achieved by LR² we
compared it with other interpreters. In particular, we compared LR² with the ELAN
interpreter on several benchmarks including those listed in Table 1 and found that LR²
with history option is between 15 to 80 times faster for linear list reversal with list
sizes ranging from 1000 to 4000, for primes LR² (with history) is about 15 times
faster for first 500 primes, and similar results were obtained for other programs. We
also compared LR² with the Reveal (version 1.0) prover written in C. Results for some
completion examples distributed with Reveal are summarized in Table 2.

Example     Reveal   Reveal+Smaran   Reveal+TGR
exgroup       0.7         0.5            0.3
exgroupl      0.5         0.4            0.4

Table 2. Experimental Results (in seconds) of Comparison with Reveal

Since Reveal
does not have built-in arithmetic we tried only a linear list reversal program and found
that Reveal took total time of 22.91 seconds to reverse a list of 150 elements versus
LR²’s (with history) total timings of 1.2 seconds.

4 Discussion and Future Work 

In this paper we have presented LR² along with some useful extensions and
optimizations. We have developed some ideas on how to statically analyze rewrite systems and
determine those functions for which history is likely to be useless and those for which
history could be useful. We plan to incorporate these in future versions of LR² along
with lazier handling of dependency lists, more sophisticated reduction strategy, and
more flexibility to the user in choosing strategies.

Acknowledgements. We thank K.B. Ramesh, S. Kolli for initial work on Smaran.

Abstract. A term rewriting system is called growing if each variable
occurring in both the left-hand side and the right-hand side of a rewrite rule
occurs at depth zero or one in the left-hand side. Jacquemard showed
that the reachability and the sequentiality of linear (i.e., left-right-linear)
growing term rewriting systems are decidable. In this paper we show
that Jacquemard’s result can be extended to left-linear growing rewriting
systems that may have right-non-linear rewrite rules. This implies that
the reachability and the joinability of some class of right-linear term
rewriting systems are decidable, which improves the results for
right-ground term rewriting systems by Oyamaguchi. Our result extends the
class of left-linear term rewriting systems having a decidable call-by-need
normalizing strategy. Moreover, we prove that the termination property
is decidable for almost orthogonal growing term rewriting systems.



1 Introduction 

The original idea of growing term rewriting systems was introduced by Jacquemard
for giving a better sufficient condition for sequential rewriting systems.
A term rewriting system is called growing if each variable occurring in both the
left-hand side and the right-hand side of a rewrite rule occurs at depth zero or
one in the left-hand side. Jacquemard proved the preservation of recognizability
by linear growing term rewriting systems. By using this result, he showed
that the reachability and the sequentiality of linear (i.e., left-right-linear)
growing term rewriting systems are decidable. Similar decidable properties have been
shown in

In this paper we extend Jacquemard's result to left-linear growing term
rewriting systems that may have right-non-linear rewrite rules. The key idea in
our proof is to construct deterministic tree automata instead of non-deterministic
ones in The deterministic behavior of tree automata allows us to remove the
right-linear restriction from growing term rewriting systems. This implies that
the reachability and the joinability of a term rewriting system $\mathcal{R}$ are
decidable if the inverse system $\mathcal{R}^{-1}$ is left-linear growing. This result
extends the result by Oyamaguchi that the reachability and the joinability of
right-ground term rewriting systems are decidable.

Our result gives a better approximation of term rewriting systems, which
extends the class of orthogonal term rewriting systems having a decidable
call-by-need strategy. Moreover, we prove that termination for almost orthogonal
growing term rewriting systems is decidable. Our proof uses Gramlich's

P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 256-^^^ 1999. 

© Springer-Verlag Berlin Heidelberg 1999



Decidability for Left-Linear Growing Term Rewriting Systems 257 



theorem that a weakly innermost normalizing TRS $\mathcal{R}$ is terminating if every
critical pair of $\mathcal{R}$ is a trivial overlay. Thus the decidability of termination
is proven by showing that the set of all ground terms having normal forms by
innermost reduction is recognized by a tree automaton for left-linear growing
term rewriting systems.

This paper is organized as follows. Section 2 gives the definitions of term
rewriting systems and tree automata. In Section 3, we show the recognizability
concerning left-linear growing term rewriting systems. Using this result, Section 4
shows that the reachability and the joinability of right-linear term rewriting
systems are decidable if their inverses are growing. In Section 5, we extend
the class of orthogonal term rewriting systems having a decidable call-by-need
strategy. Section 6 proves that termination for almost orthogonal growing term
rewriting systems is decidable.

2 Preliminaries 

2.1 Term Rewriting Systems 

We mainly follow the notation of Let $\mathcal{F}$ be a finite set of function symbols
denoted by $f, g, h, \ldots$, and let $\mathcal{V}$ be a countably infinite set of variables
denoted by $x, y, z, \ldots$, where $\mathcal{F} \cap \mathcal{V} = \emptyset$. The set of all
terms built from $\mathcal{F}$ and $\mathcal{V}$ is denoted by
$\mathcal{T}(\mathcal{F}, \mathcal{V})$. The set of variables occurring in a term $t$ is
denoted by $\mathcal{V}(t)$. Terms not containing variables are called ground terms. The
set of all ground terms built from $\mathcal{F}$ is denoted by $\mathcal{T}(\mathcal{F})$.
A term $t$ is linear if every variable in $t$ occurs only once in $t$. Identity of terms
is denoted by $=$.

If $p$ is a position in $t$ then $t|_p$ denotes the subterm of $t$ at $p$. A subterm $s$ of
$t$ is proper if $s \neq t$. We write $s \subset t$ to indicate that $s$ is a proper subterm
of $t$. $t[s]_p$ denotes the term obtained from $t$ by replacing the subterm $t|_p$ with $s$.
If $t$ has an occurrence of some variable $x$ then we write $x \in t$.

A substitution $\sigma$ is a mapping from $\mathcal{V}$ into
$\mathcal{T}(\mathcal{F}, \mathcal{V})$. Substitutions are extended into homomorphisms from
$\mathcal{T}(\mathcal{F}, \mathcal{V})$ into $\mathcal{T}(\mathcal{F}, \mathcal{V})$. We write
$t\sigma$ instead of $\sigma(t)$. A term $s$ is an instance of a term $t$ if there exists a
substitution $\sigma$ such that $s = t\sigma$.

A term rewriting system (TRS) $\mathcal{R}$ is a finite set of rewrite rules. A rewrite rule
is a pair $(l, r)$ of terms. (We do not assume that $l \notin \mathcal{V}$ and any variable
in $r$ also occurs in $l$.) We write $l \to r$ for $(l, r)$. An instance of the left-hand side
of a rewrite rule is a redex. The rewrite rules of a TRS $\mathcal{R}$ define a reduction
relation $\to_{\mathcal{R}}$ on $\mathcal{T}(\mathcal{F}, \mathcal{V})$ as follows:
$t \to_{\mathcal{R}} s$ iff there exist a rewrite rule $l \to r \in \mathcal{R}$, a position
$p$ in $t$ and a substitution $\sigma$ such that $t|_p = l\sigma$ and $s = t[r\sigma]_p$. The
transitive-reflexive closure of $\to_{\mathcal{R}}$ is denoted by $\to^*_{\mathcal{R}}$. The
inverse relation of $\to_{\mathcal{R}}$ is denoted by $\leftarrow_{\mathcal{R}}$.
A normal form is a term without redexes. We say that $t$ has a normal form if
$t \to^*_{\mathcal{R}} s$ for some normal form $s$. A TRS $\mathcal{R}$ is terminating
(strongly normalizing) if there exists no infinite reduction sequence
$t_0 \to_{\mathcal{R}} t_1 \to_{\mathcal{R}} t_2 \to_{\mathcal{R}} \cdots$. A TRS
$\mathcal{R}$ is weakly normalizing if every term has a normal form.

A rewrite rule $l \to r$ is ground (linear) if $l$ and $r$ are ground (linear). A rewrite
rule $l \to r$ is left-linear (right-linear) if $l$ ($r$) is linear. A TRS $\mathcal{R}$ is
ground (linear, left-linear, right-linear) if every rewrite rule in $\mathcal{R}$ is ground
(linear, left-linear, right-linear).

Let $l \to r$ and $l' \to r'$ be two rules of $\mathcal{R}$. We assume that they are renamed
to have no common variables. Suppose that $p$ is a position of $l$ such that
$l|_p \notin \mathcal{V}$ and $l'$ are unifiable with a most general unifier $\sigma$. Then the
pair $(l[r']_p\sigma, r'\sigma)$ is called a critical pair of $\mathcal{R}$. If $l \to r$ and
$l' \to r'$ are the same rule, then we do not consider the case $p = \varepsilon$. A critical
pair $(l[r']_p\sigma, r'\sigma)$ with $p = \varepsilon$ is an overlay. A critical pair $(t, s)$
is trivial if $t = s$. An orthogonal TRS is a left-linear TRS without critical pairs. A
left-linear TRS is almost orthogonal if all its critical pairs are trivial overlays.

2.2 $\Omega$-terms

Let $\mathcal{R}$ be a TRS. We add a new constant $\Omega$ to $\mathcal{F}$. The set
$\mathcal{T}(\mathcal{F} \cup \{\Omega\}, \mathcal{V})$ is abbreviated to
$\mathcal{T}_\Omega$. Elements of $\mathcal{T}_\Omega$ are called $\Omega$-terms. We say
that an $\Omega$-term $t$ is a normal form if $t$ contains neither redexes nor $\Omega$'s.
The set of all normal forms is denoted by $\mathrm{NF}_{\mathcal{R}}$. $t_\Omega$ denotes
the $\Omega$-term obtained from $t$ by replacing all variables in $t$ with $\Omega$. The
prefix ordering $\leq$ on $\mathcal{T}_\Omega$ is defined as follows: (i) $\Omega \leq t$
for all $t \in \mathcal{T}_\Omega$, (ii) $f(s_1, \ldots, s_n) \leq f(t_1, \ldots, t_n)$ if
$s_i \leq t_i$ for any $1 \leq i \leq n$, (iii) $x \leq x$ for all $x \in \mathcal{V}$. Two
$\Omega$-terms $t$ and $s$ are compatible, written $t \uparrow s$, if there exists an
$\Omega$-term $r$ such that $t \leq r$ and $s \leq r$. In this case the least upper bound
of $t$ and $s$ is denoted by $t \sqcup s$.

2.3 Tree Automata 

A tree automaton is a tuple $\mathcal{A} = (\mathcal{F}, Q, Q^f, \Delta)$ where
$\mathcal{F}$ is a finite set of function symbols, $Q$ is a finite set of states,
$Q^f \subseteq Q$ is a set of final states and $\Delta$ is a set of ground rewrite rules of
the form $f(q_1, \ldots, q_n) \to q$ or $q \to q'$ where $f \in \mathcal{F}$,
$q_1, \ldots, q_n, q, q' \in Q$. The latter rules are called $\varepsilon$-rules. We use
$\to_{\mathcal{A}}$ for the reduction relation on $\mathcal{T}(\mathcal{F} \cup Q)$. A term
$t \in \mathcal{T}(\mathcal{F})$ is accepted by $\mathcal{A}$ if $t \to^*_{\mathcal{A}} q$
for some $q \in Q^f$. The tree language $L(\mathcal{A})$ recognized by $\mathcal{A}$ is the
set of all terms accepted by $\mathcal{A}$. A set $L$ is recognizable if there exists a tree
automaton $\mathcal{A}$ such that $L = L(\mathcal{A})$. A tree automaton $\mathcal{A}$ is
deterministic if there are neither $\varepsilon$-rules nor different rules with the same
left-hand side. A tree automaton $\mathcal{A}$ is complete if there is at least one rule
$f(q_1, \ldots, q_n) \to q$ in $\Delta$ for all $f \in \mathcal{F}$ and
$q_1, \ldots, q_n \in Q$. The following properties of tree automata are well-known.

Lemma 1. The class of recognizable tree languages is closed under union, in- 
tersection and complementation. □ 

Lemma 2. The emptiness problem for tree automata is decidable. □ 

Note. In this paper, we regard pairs of terms as rewrite rules without restrictions.
Hence the left-hand side of a rewrite rule may be a variable and the right-hand
side of a rewrite rule can have a variable not occurring in the left-hand side.
This is convenient for approximations of TRSs. Moreover, we consider rewriting
on ground terms only. Replacing every variable in terms with a fresh constant,
rewriting on non-ground terms can be simulated by that on ground terms. Thus
this restriction entails no loss of generality and would simplify matters.

3 Left-Linear Growing TRSs 

The definition of growing was given by Jacquemard in He showed that if
$\mathcal{R}$ is a linear growing TRS then the set
$\{ t \in \mathcal{T}(\mathcal{F}) \mid \exists s \in L\ t \to^*_{\mathcal{R}} s \}$ is
recognizable for every recognizable tree language $L$. In this section we improve
this result by replacing linear growing with left-linear growing.

In the following definition, unlike Jacquemard, we do not assume the linearity
for growing TRSs.

Definition 3. A rewrite rule $l \to r$ is growing if all variables in
$\mathcal{V}(l) \cap \mathcal{V}(r)$ occur at depth 0 or 1 in $l$. A TRS $\mathcal{R}$ is
growing if every rewrite rule in $\mathcal{R}$ is growing.

Example 1. Let 

7? = / fU{x,y),z) f{z,g{z)) 

Then $\mathcal{R}$ is growing. But the following $\mathcal{R}'$ is not growing.

td! f{x,g{z)) 

\5(a;) ^ f{g{y),z). 

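Let $R$ be a binary relation on a set $A$ and let $B \subseteq A$. Then we define $R(B)$
as $\{ y \in A \mid \exists x \in B\ (x, y) \in R \}$. Now, we are ready to prove our main
result that if $\mathcal{R}$ is a left-linear growing TRS then the set
$(\leftarrow^*_{\mathcal{R}})(L) = \{ t \in \mathcal{T}(\mathcal{F}) \mid \exists s \in L\ t \to^*_{\mathcal{R}} s \}$
is recognizable for every recognizable tree language $L$.

Let $\mathcal{R}$ be a left-linear growing TRS and let $L$ be a tree language recognized
by $\mathcal{A}_L = (\mathcal{F}, Q_L, Q^f_L, \Delta_L)$. We now construct a tree automaton
recognizing $(\leftarrow^*_{\mathcal{R}})(L)$ from $\mathcal{R}$ and $\mathcal{A}_L$. Let
$\mathcal{L} = \{ l_i \in \mathcal{T}(\mathcal{F}, \mathcal{V}) \mid l_i \notin \mathcal{V},\ f(l_1, \ldots, l_n) \to r \in \mathcal{R} \}$.
Then every term in $\mathcal{L}$ is linear because of the left-linearity of $\mathcal{R}$.
Since the set of all ground instances of a linear term is recognizable we have an automaton
$\mathcal{A}_l = (\mathcal{F}, Q_l, Q^f_l, \Delta_l)$ with
$L(\mathcal{A}_l) = \{ l\sigma \mid \sigma : \mathcal{V} \to \mathcal{T}(\mathcal{F}) \}$ for
each $l \in \mathcal{L}$. Without loss of generality, we assume
$Q_a \cap Q_b = \emptyset$ for any $a, b \in \{L\} \cup \mathcal{L}$ with $a \neq b$.
The tree automaton $\mathcal{A}_U = (\mathcal{F}, Q_U, Q^f_U, \Delta_U)$ is defined by
$Q_U = Q_L \cup \bigcup_{l \in \mathcal{L}} Q_l$, $Q^f_U = Q^f_L$ and
$\Delta_U = \Delta_L \cup \bigcup_{l \in \mathcal{L}} \Delta_l$.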

Starting from $\mathcal{A}_0 = \mathcal{A}_U$, Jacquemard's method in Q constructs
non-deterministic tree automata $\mathcal{A}_0, \mathcal{A}_1, \mathcal{A}_2, \ldots$, which
can define a non-deterministic tree automaton $\mathcal{A}_k$ as $\lim \mathcal{A}_i$ since
the number of states is bounded. Then the obtained $\mathcal{A}_k$ accepts
$(\leftarrow^*_{\mathcal{R}})(L)$. However this method does not work for left-linear
growing TRSs. Since the right-hand sides of rewrite rules of left-linear growing
TRSs may have multiple occurrences of variables, a subterm in a redex can be
duplicated through rewriting. However the non-deterministic tree automaton $\mathcal{A}_k$
does not guarantee to reduce the same duplicated subterm to the same state.
Thus it cannot trace rewriting by non-right-linear rewrite rules.

The above observation naturally leads us to a deterministic tree automata construction
for tracing the behavior of left-linear growing TRSs. A naive construction
method is to transform an induced non-deterministic automaton into the
deterministic automaton at each step in Jacquemard's one. However, this
method cannot guarantee $\lim \mathcal{A}_i$ because the transformation explodes the
number of states; in fact it requires exponentially many states. To prevent this state
explosion we carefully construct deterministic tree automata
$\mathcal{A}_0, \mathcal{A}_1, \mathcal{A}_2, \ldots, \mathcal{A}_k$
as follows, using a fixed set of states.

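Let $\mathcal{A}_0 = (\mathcal{F}, Q, Q^f, \Delta_0)$ where $Q = 2^{Q_U}$,
$Q^f = \{ A \in Q \mid A \cap Q^f_L \neq \emptyset \}$ and
$\Delta_0$ contains the following rules:

$f(A_1, \ldots, A_n) \to A$

where $A = \{ q \in Q_U \mid \exists q_1 \in A_1, \ldots, \exists q_n \in A_n\ f(q_1, \ldots, q_n) \to^*_{\mathcal{A}_U} q \}$.

For $0 \leq i < k$, $\mathcal{A}_{i+1} = (\mathcal{F}, Q, Q^f, \Delta_{i+1})$
($\mathcal{A}_k = (\mathcal{F}, Q, Q^f, \Delta_k)$) is obtained from
$\mathcal{A}_i$ as follows:

— If there exist $f(A_1, \ldots, A_n) \to A \in \Delta_i$, $l \to r \in \mathcal{R}$ and
$A' \in Q$ satisfying the following Condition 1 or 2:

• Condition 1:

1. $l = f(l_1, \ldots, l_n)$,

2. for each $1 \leq j \leq n$, $l_j \notin \mathcal{V}$ implies $A_j \cap Q^f_{l_j} \neq \emptyset$,

3. there exists $\theta : \mathcal{V} \to Q$ such that

(a) $r\theta \to^*_{\mathcal{A}_i} A'$,

(b) for each $x \in r$, if $x = l_j$ for some $j$ then $x\theta = A_j$,
otherwise $t \to^*_{\mathcal{A}_i} x\theta$ for some $t \in \mathcal{T}(\mathcal{F})$,

4. $A \subset A \cup A'$ (i.e., $A \cup A'$ properly includes $A$),

• Condition 2:

1'. $l \in \mathcal{V}$,

2'. there exists $\theta : \mathcal{V} \to Q$ such that

(a') $r\theta \to^*_{\mathcal{A}_i} A'$,

(b') for each $x \in r$, if $x = l$ then $x\theta = A$,
otherwise $t \to^*_{\mathcal{A}_i} x\theta$ for some $t \in \mathcal{T}(\mathcal{F})$,

3'. $A \subset A \cup A'$ (i.e., $A \cup A'$ properly includes $A$),

then $\Delta_{i+1} = (\Delta_i \setminus \{ f(A_1, \ldots, A_n) \to A \}) \cup \{ f(A_1, \ldots, A_n) \to A \cup A' \}$.

— Otherwise, $\mathcal{A}_k = \mathcal{A}_i$.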

From 4 of Condition 1 and 3' of Condition 2, it is clear that the process 
of construction terminates. 



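Example 2. Let

Let $L = \{ g(a, b) \}$ and $\mathcal{A}_L = (\mathcal{F}, Q_L, Q^f_L, \Delta_L)$ where
$Q_L = \{ q_a, q_b, q_f \}$, $Q^f_L = \{ q_f \}$ and
$\Delta_L = \{ a \to q_a,\ b \to q_b,\ g(q_a, q_b) \to q_f \}$. Then
$f(\{ q_a, q_b \}) \to \emptyset \in \Delta_0$, $f(x) \to g(x, x) \in \mathcal{R}$ and
$\{ q_f \} \in Q$ satisfy Condition 1 because we have
$g(\{ q_a, q_b \}, \{ q_a, q_b \}) \to_{\mathcal{A}_0} \{ q_f \}$. Thus we can first replace
the right-hand side of $f(\{ q_a, q_b \}) \to \emptyset$ with $\{ q_f \}$. Next the
right-hand side of $a \to \{ q_a \} \in \Delta_1$ can be replaced with $\{ q_a, q_b \}$.
Consequently, we obtain $\mathcal{A}_k = \mathcal{A}_2$. The term $f(a)$ in
$(\leftarrow^*_{\mathcal{R}})(L)$ is accepted by $\mathcal{A}_k$ because
$f(a) \to_{\mathcal{A}_k} f(\{ q_a, q_b \}) \to_{\mathcal{A}_k} \{ q_f \} \in Q^f$. Note
that $f(a)$ is not accepted by the automaton generated by the method in

In the following we prove that $L(\mathcal{A}_k) = (\leftarrow^*_{\mathcal{R}})(L)$. We
write $t \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ if
$t \to^*_{\mathcal{R}} s \to^*_{\mathcal{A}_U} q$ for some $s \in \mathcal{T}(\mathcal{F})$.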

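Lemma 4. Let $t \in \mathcal{T}(\mathcal{F}, \mathcal{V})$, $\theta : \mathcal{V} \to Q$ and
$\sigma : \mathcal{V} \to \mathcal{T}(\mathcal{F})$ such that
$x\sigma \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q'$ for any $x \in t$ and
$q' \in x\theta$. For each $0 \leq i \leq k$, if $t\theta \to^*_{\mathcal{A}_i} A \in Q$ then
$t\sigma \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $q \in A$.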

Note. In the above claim the condition “xa A^-ji ' 9^ for any x G t and 

9 ' G x9” cannot be replaced with a simpler form “a;(T x6 for any x G 

because the first condition means Wx G t,yq' G x9, 3s G T{T)[xa A^ns 9^ 
but the second one means \/x G t,3s G T{tF),\/q' G x9[x(j A^ns q'], which 
is different from the first one. 

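Proof. We prove the lemma by induction on $i$.

Base step. We use induction on the structure of $t$. The case $t = x$ is trivial.
Let $t = f(t_1, \ldots, t_n)$. Assume
$t\theta = f(t_1, \ldots, t_n)\theta \to^*_{\mathcal{A}_0} f(A_1, \ldots, A_n) \to_{\mathcal{A}_0} A$.
Let $q \in A$. Then by the definition of $\Delta_0$ there exist
$q_1 \in A_1, \ldots, q_n \in A_n$ such that $f(q_1, \ldots, q_n) \to^*_{\mathcal{A}_U} q$.
By induction hypothesis, for each $1 \leq j \leq n$ there exists $s_j$ such that
$t_j\sigma \to^*_{\mathcal{R}} s_j \to^*_{\mathcal{A}_U} q_j$. Thus we have
$t\sigma = f(t_1\sigma, \ldots, t_n\sigma) \to^*_{\mathcal{R}} f(s_1, \ldots, s_n) \to^*_{\mathcal{A}_U} f(q_1, \ldots, q_n) \to^*_{\mathcal{A}_U} q$.

Induction step. Let $f(A_1, \ldots, A_n) \to A' \in \Delta_i \setminus \Delta_{i-1}$. We use
induction on the number $m$ of reduction steps using this rule in the reduction
$t\theta \to^*_{\mathcal{A}_i} A$. If $m = 0$ then $t\theta \to^*_{\mathcal{A}_{i-1}} A$. Thus
it follows from induction hypothesis on $i$ that
$t\sigma \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $q \in A$. Let $m > 0$.
Suppose

$t\theta = t\theta[f(t_1, \ldots, t_n)\theta]_p \to^*_{\mathcal{A}_{i-1}} t\theta[f(A_1, \ldots, A_n)]_p \to_{\mathcal{A}_i} t\theta[A']_p \to^*_{\mathcal{A}_i} A$.

Let $\hat{t} = t[z]_p$ where $z \notin t$. We define $\hat{\theta} : \mathcal{V} \to Q$ and
$\hat{\sigma} : \mathcal{V} \to \mathcal{T}(\mathcal{F})$ as follows: if $x = z$ then
$x\hat{\theta} = A'$ and $x\hat{\sigma} = f(t_1, \ldots, t_n)\sigma$, otherwise
$x\hat{\theta} = x\theta$ and $x\hat{\sigma} = x\sigma$. Clearly
$\hat{t}\hat{\theta} = t\theta[A']_p$ and $\hat{t}\hat{\sigma} = t\sigma$. We will show the
following claim:

$x\hat{\sigma} \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $x \in \hat{t}$ and $q \in x\hat{\theta}$.

Then by applying induction hypothesis on $m$ to
$\hat{t}\hat{\theta} = t\theta[A']_p \to^*_{\mathcal{A}_i} A$, we can obtain
$\hat{t}\hat{\sigma} = t\sigma \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any
$q \in A$. Thus the lemma holds.

Proof of the claim. Let $x \in \hat{t}$. If $x \neq z$ then it follows from the assumption
of the lemma that $x\hat{\sigma} \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any
$q \in x\hat{\theta}$. We consider the case $x = z$. Assume that
$f(A_1, \ldots, A_n) \to A'_1 \in \Delta_{i-1}$, $l \to r \in \mathcal{R}$ and $A'_2 \in Q$
satisfy Condition 1 or 2 and $A' = A'_1 \cup A'_2$. Since
$f(t_1, \ldots, t_n)\theta \to^*_{\mathcal{A}_{i-1}} f(A_1, \ldots, A_n) \to_{\mathcal{A}_{i-1}} A'_1$,
it follows from induction hypothesis on $i$ that

$f(t_1, \ldots, t_n)\sigma \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $q \in A'_1$. (1)

We distinguish two cases.

Case 1. Condition 1 is satisfied. Let $l = f(l_1, \ldots, l_n)$. By applying induction
hypothesis on $i$ to $t_j\theta \to^*_{\mathcal{A}_{i-1}} A_j$ for $1 \leq j \leq n$, we
obtain $t_j\sigma \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $q \in A_j$. For
each $1 \leq j \leq n$, let $s_j$ be a term such that if $l_j \in \mathcal{V}$ then
$s_j = t_j\sigma$, otherwise
$t_j\sigma \to^*_{\mathcal{R}} s_j \to^*_{\mathcal{A}_U} q \in Q^f_{l_j}$. From the
disjointness of the sets of states, $s_j \to^*_{\mathcal{A}_U} q \in Q^f_{l_j}$ implies
$s_j \to^*_{\mathcal{A}_{l_j}} q \in Q^f_{l_j}$. Hence $f(s_1, \ldots, s_n)$ is an
instance of $l$ by the linearity of $l$. Let $\theta' : \mathcal{V} \to Q$ be a substitution
defined by 3 of Condition 1. Let $\sigma' : \mathcal{V} \to \mathcal{T}(\mathcal{F})$ be a
substitution such that for any $y \in r$, if $y = l_j$ for some $j$ then $y\sigma' = s_j$,
otherwise $y\sigma' \to^*_{\mathcal{A}_{i-1}} y\theta'$. Then from the growingness of
$\mathcal{R}$ we have the reduction $f(s_1, \ldots, s_n) \to_{\mathcal{R}} r\sigma'$.
Furthermore, we can see $y\sigma' \to^*_{\mathcal{A}_{i-1}} y\theta'$ for any $y \in r$.
Therefore, by induction hypothesis on $i$,
$y\sigma' \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $y \in r$ and
$q \in y\theta'$. Applying induction hypothesis on $i$ to
$r\theta' \to^*_{\mathcal{A}_{i-1}} A'_2$, it is obtained that
$r\sigma' \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $q \in A'_2$. Thus,
since $f(t_1, \ldots, t_n)\sigma \to^*_{\mathcal{R}} r\sigma'$, we have

$f(t_1, \ldots, t_n)\sigma \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $q \in A'_2$. (2)

Because $z\hat{\theta} = A' = A'_1 \cup A'_2$ and
$z\hat{\sigma} = f(t_1, \ldots, t_n)\sigma$, it follows from (1) and (2) that
$z\hat{\sigma} \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any
$q \in z\hat{\theta}$. Therefore the claim holds.

Case 2. Condition 2 is satisfied. Let $\theta' : \mathcal{V} \to Q$ be a substitution
defined by 2' of Condition 2. Let $\sigma' : \mathcal{V} \to \mathcal{T}(\mathcal{F})$ be a
substitution such that for any $y \in r$, if $y = l$ then
$y\sigma' = f(t_1, \ldots, t_n)\sigma$, otherwise
$y\sigma' \to^*_{\mathcal{A}_{i-1}} y\theta'$. Using (1) and induction hypothesis on $i$, we
obtain $y\sigma' \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $y \in r$ and
$q \in y\theta'$. Applying induction hypothesis on $i$ to
$r\theta' \to^*_{\mathcal{A}_{i-1}} A'_2$, it is obtained that
$r\sigma' \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $q \in A'_2$. Since
$f(t_1, \ldots, t_n)\sigma \to_{\mathcal{R}} r\sigma'$,

$f(t_1, \ldots, t_n)\sigma \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any $q \in A'_2$. (3)

Therefore, it follows from (1) and (3) that
$z\hat{\sigma} \to^*_{\mathcal{R}} \cdot \to^*_{\mathcal{A}_U} q$ for any
$q \in z\hat{\theta}$. Hence the claim holds. □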

Lemma 5. $L(\mathcal{A}_k) \subseteq (\leftarrow^*_{\mathcal{R}})(L)$.

Proof. Let $t \in L(\mathcal{A}_k)$, i.e., $t \to^*_{\mathcal{A}_k} A$ for some
$A \in Q^f$. By the definition of $Q^f$, $A$ has a final state $q$ of $\mathcal{A}_L$. From
Lemma 4 there exists $s \in \mathcal{T}(\mathcal{F})$ such that
$t \to^*_{\mathcal{R}} s \to^*_{\mathcal{A}_U} q$. By the disjointness of the sets of states,
we have $s \to^*_{\mathcal{A}_L} q \in Q^f_L$. Thus
$t \in (\leftarrow^*_{\mathcal{R}})(L)$. □

Lemma 6. Let $t \in \mathcal{T}(\mathcal{F}, \mathcal{V})$. Let
$\theta, \theta' : \mathcal{V} \to Q$ with $x\theta \subseteq x\theta'$ for any $x \in t$. If
$t\theta \to^*_{\mathcal{A}_i} A \in Q$ then $t\theta' \to^*_{\mathcal{A}_k} A'$ for some
$A' \in Q$ with $A \subseteq A'$.

Proof. We prove the lemma by induction on $i$.

Base step. We use the induction on the structure of $t$. The case $t = x$ is trivial.
Let $t = f(t_1, \ldots, t_n)$. Then we assume
$f(t_1, \ldots, t_n)\theta \to^*_{\mathcal{A}_0} f(A_1, \ldots, A_n) \to_{\mathcal{A}_0} A \in Q$.
By induction hypothesis, for each $1 \leq j \leq n$ there exists $A'_j \in Q$ such that
$t_j\theta' \to^*_{\mathcal{A}_k} A'_j$ and $A_j \subseteq A'_j$. By the definition of
$\mathcal{A}_0$, $\Delta_0$ has a rule $f(A'_1, \ldots, A'_n) \to A'$ with
$A \subseteq A'$. Then by the construction of $\mathcal{A}_k$, $\Delta_k$ has a rule
$f(A'_1, \ldots, A'_n) \to A''$ with $A' \subseteq A''$. Thus we obtain
$f(t_1, \ldots, t_n)\theta' \to^*_{\mathcal{A}_k} f(A'_1, \ldots, A'_n) \to_{\mathcal{A}_k} A''$
and $A \subseteq A''$.

Induction step. We use the induction on the structure of $t$. The case $t = x$
is trivial. Let $t = f(t_1, \ldots, t_n)$. Assume
$f(t_1, \ldots, t_n)\theta \to^*_{\mathcal{A}_i} f(A_1, \ldots, A_n) \to_{\mathcal{A}_i} A \in Q$.
By induction hypothesis on the structure of $t$, for each $1 \leq j \leq n$ there
exists $A'_j \in Q$ such that $t_j\theta' \to^*_{\mathcal{A}_k} A'_j$ and
$A_j \subseteq A'_j$. Since $\mathcal{A}_k$ is deterministic and complete, there exists
exactly one $A' \in Q$ such that $f(A'_1, \ldots, A'_n) \to A' \in \Delta_k$. We will show
$A \subseteq A'$. If $f(A_1, \ldots, A_n) \to A \in \Delta_{i-1}$ then from induction
hypothesis on $i$ it follows that $A \subseteq A'$. Otherwise, we assume that
$f(A_1, \ldots, A_n) \to B_1 \in \Delta_{i-1}$, $l \to r \in \mathcal{R}$ and $B_2 \in Q$
satisfy Condition 1 or 2 and $A = B_1 \cup B_2$. From induction hypothesis on $i$, we get
$B_1 \subseteq A'$. We distinguish two cases.

Case 1. Condition 1 is satisfied. Let $l = f(l_1, \ldots, l_n)$ and let
$\theta_1 : \mathcal{V} \to Q$ be a substitution defined by 3 of Condition 1. Then let
$\theta_2$ be a substitution from $\mathcal{V}$ to $Q$ such that for every $x \in r$ if
$x = l_j$ then $x\theta_2 = A'_j$, otherwise $t \to^*_{\mathcal{A}_k} x\theta_2$ for some
$t \in \mathcal{T}(\mathcal{F})$ with $t \to^*_{\mathcal{A}_{i-1}} x\theta_1$. Using induction
hypothesis on $i$, we can show that $x\theta_1 \subseteq x\theta_2$ for every $x \in r$.
Applying induction hypothesis on $i$ to $r\theta_1 \to^*_{\mathcal{A}_{i-1}} B_2$, we obtain
$r\theta_2 \to^*_{\mathcal{A}_k} B'_2$ for some $B'_2 \in Q$ with $B_2 \subseteq B'_2$.
Therefore $f(A'_1, \ldots, A'_n) \to A' \in \Delta_k$, $l \to r \in \mathcal{R}$ and
$B'_2 \in Q$ satisfy 1, 2 and 3 of Condition 1. By the construction of $\mathcal{A}_k$, they
must not satisfy 4 of Condition 1. Thus we have $A' = A' \cup B'_2$. Hence
$A = B_1 \cup B_2 \subseteq A' \cup B'_2 = A'$.

Case 2. Condition 2 is satisfied. Let $\theta_1 : \mathcal{V} \to Q$ be a substitution
defined by 2' of Condition 2. Then let $\theta_2 : \mathcal{V} \to Q$ be a substitution such
that for every $x \in r$ if $x = l$ then $x\theta_2 = A'$, otherwise
$t \to^*_{\mathcal{A}_k} x\theta_2$ for some $t \in \mathcal{T}(\mathcal{F})$ with
$t \to^*_{\mathcal{A}_{i-1}} x\theta_1$. Using induction hypothesis on $i$, we can show that
$y\theta_1 \subseteq y\theta_2$ for every $y \in r$. Applying induction hypothesis on $i$ to
$r\theta_1 \to^*_{\mathcal{A}_{i-1}} B_2$, we obtain $r\theta_2 \to^*_{\mathcal{A}_k} B'_2$
for some $B'_2 \in Q$ with $B_2 \subseteq B'_2$. Thus
$f(A'_1, \ldots, A'_n) \to A' \in \Delta_k$, $l \to r \in \mathcal{R}$ and $B'_2 \in Q$
satisfy 1' and 2' of Condition 2. By the construction of $\mathcal{A}_k$ they must not
satisfy 3' of Condition 2, i.e., $A' = A' \cup B'_2$. Hence
$A = B_1 \cup B_2 \subseteq A' \cup B'_2 = A'$. □



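Lemma 7. Let $t \in \mathcal{T}(\mathcal{F})$ and $t \to^*_{\mathcal{A}_k} A \in Q$. If
$t \to^*_{\mathcal{A}_U} q \in Q_U$ then $q \in A$.

Proof. Since $\mathcal{A}_0$ is complete, there exists $A' \in Q$ such that
$t \to^*_{\mathcal{A}_0} A'$. By induction on the structure of $t$, we can show that
$A' = \{ q \in Q_U \mid t \to^*_{\mathcal{A}_U} q \}$. Thus, if
$t \to^*_{\mathcal{A}_U} q \in Q_U$ then $q \in A'$. Because $\mathcal{A}_k$ is
deterministic, we get $A' \subseteq A$ by Lemma 6. Hence $q \in A$. □

Lemma 8. $L(\mathcal{A}_k) \supseteq (\leftarrow^*_{\mathcal{R}})(L)$.

Proof. Assume that $t \to^*_{\mathcal{R}} s$ for some $s \in L$. We show that
$t \in L(\mathcal{A}_k)$ by induction on the length $m$ of this reduction. If $m = 0$ then
$t \in L$. Thus $t \to^*_{\mathcal{A}_U} q$ for some $q \in Q^f_L$. Since $\mathcal{A}_k$ is
complete, there exists $A \in Q$ such that $t \to^*_{\mathcal{A}_k} A$. According to Lemma 7,
$q \in A$ and therefore $A \in Q^f$. Hence $t \in L(\mathcal{A}_k)$. Let $m > 0$. Then we
assume that

$t = t[l\sigma]_p \to_{\mathcal{R}} t[r\sigma]_p \to^*_{\mathcal{R}} s \in L$

with $l \to r \in \mathcal{R}$. By induction hypothesis, $t[r\sigma]_p$ is accepted by
$\mathcal{A}_k$. Since $\mathcal{A}_k$ is deterministic, there exists
$\theta : \mathcal{V} \to Q$ such that

$t[r\sigma]_p \to^*_{\mathcal{A}_k} t[r\theta]_p \to^*_{\mathcal{A}_k} t[A]_p \to^*_{\mathcal{A}_k} B \in Q^f$

where $A \in Q$. By completeness of $\mathcal{A}_k$, we assume that

$t = t[f(t_1, \ldots, t_n)]_p \to^*_{\mathcal{A}_k} t[f(A_1, \ldots, A_n)]_p \to_{\mathcal{A}_k} t[A']_p \to^*_{\mathcal{A}_k} B' \in Q$

where $f(A_1, \ldots, A_n) \to A' \in \Delta_k$ and $n \geq 0$. We consider the following two
cases.

Case 1. $l = f(l_1, \ldots, l_n)$. If $l_j \notin \mathcal{V}$ then $t_j$ is accepted by
$\mathcal{A}_{l_j}$ and thus $A_j$ has $q \in Q^f_{l_j}$ by Lemma 7. Because $\mathcal{A}_k$
is deterministic, for any $x \in r$, $x = l_j$ implies $x\theta = A_j$. Therefore
$f(A_1, \ldots, A_n) \to A' \in \Delta_k$, $l \to r \in \mathcal{R}$ and $A \in Q$ fulfill 1,
2 and 3 of Condition 1. By the construction of $\mathcal{A}_k$, they must not satisfy 4 of
Condition 1. Thus $A \subseteq A'$. Since Lemma 6 yields $B \subseteq B'$, we obtain
$B' \in Q^f$. Therefore $t \in L(\mathcal{A}_k)$.

Case 2. $l = x$ for some $x \in \mathcal{V}$. Because $\mathcal{A}_k$ is deterministic, if
$x \in r$ then $x\theta = A'$. Therefore $f(A_1, \ldots, A_n) \to A' \in \Delta_k$,
$l \to r \in \mathcal{R}$ and $A \in Q$ fulfill 1' and 2' of Condition 2. By the construction
of $\mathcal{A}_k$, they must not satisfy 3' of Condition 2 and thus $A \subseteq A'$.
According to Lemma 6, $B \subseteq B'$ and therefore $B' \in Q^f$. Hence
$t \in L(\mathcal{A}_k)$. □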

Thus we obtain the following theorem. 

Theorem 9. Let $\mathcal{R}$ be a left-linear growing TRS and let $L$ be a recognizable
tree language. Then the set $(\leftarrow^*_{\mathcal{R}})(L)$ is recognized by a tree
automaton. □

If $\mathcal{R}$ is a left-linear TRS then $\mathrm{NF}_{\mathcal{R}}$ is a recognizable
set. Thus, from Theorem 9 the set
$(\leftarrow^*_{\mathcal{R}})(\mathrm{NF}_{\mathcal{R}})$ is recognizable for a left-linear
growing $\mathcal{R}$. This means that the weakly normalizing property of left-linear
growing TRSs is decidable.



4 Reachability and Joinability 

The reachability problem for $\mathcal{R}$ is the problem of deciding whether
$t \to^*_{\mathcal{R}} s$ given two terms $t$ and $s$. It is well-known that this problem is
undecidable for general TRSs. Oyamaguchi has shown that this problem is decidable for
right-ground TRSs. Decidability for linear growing TRSs was shown by Jacquemard. Since
a singleton set of a term is recognizable, we can extend these results by using
Theorem 9.

Theorem 10. The reachability problem for left-linear growing TRSs is decidable. □

For a TRS $\mathcal{R}$, we define $\mathcal{R}^{-1}$ by
$\mathcal{R}^{-1} = \{ r \to l \mid l \to r \in \mathcal{R} \}$. Clearly
$t \to^*_{\mathcal{R}} s$ iff $s \to^*_{\mathcal{R}^{-1}} t$. By Theorem 10 we obtain the
following theorem.

Theorem 11. Let $\mathcal{R}$ be a TRS such that $\mathcal{R}^{-1}$ is left-linear and
growing. The reachability problem for $\mathcal{R}$ is decidable. □

If $\mathcal{R}$ is a right-ground TRS then $\mathcal{R}^{-1}$ is left-linear and growing.
Thus, the above theorem is a generalization of Oyamaguchi's result.

The joinability problem for $\mathcal{R}$ is the problem of deciding, given a finite number
of terms $t_1, \ldots, t_n$, whether there exists a term $s$ such that
$t_i \to^*_{\mathcal{R}} s$ for any $1 \leq i \leq n$. Oyamaguchi has shown that this
problem is decidable for right-ground TRSs. This result is extended as follows.

Theorem 12. Let $\mathcal{R}$ be a TRS such that $\mathcal{R}^{-1}$ is left-linear and
growing. The joinability problem for $\mathcal{R}$ is decidable.

Proof. Let $t_1, \ldots, t_n$ be terms. Then $t_1, \ldots, t_n$ are joinable iff

By Theorem 9, $(\to^*_{\mathcal{R}})(\{t_i\}) = (\leftarrow^*_{\mathcal{R}^{-1}})(\{t_i\})$
is recognizable for any $1 \leq i \leq n$. Thus from Lemmas 1 and 2 the theorem follows. □

5 Decidable Approximations 

The recognizability result of Section 3 gives us better decidable approximations 
of TRSs than Jacquemard’s ones in 

A TRS $\mathcal{R}'$ is an approximation of a TRS $\mathcal{R}$ if C . An approximation
mapping $\tau$ is a mapping from TRSs to TRSs such that $\tau(\mathcal{R})$ is an
approximation of $\mathcal{R}$ for every TRS $\mathcal{R}$.

Definition 13. Let $\mathcal{R} = \{ l_i \to r_i \mid 1 \leq i \leq n \}$ be a TRS. A
left-linear growing approximation of $\mathcal{R}$ is a left-linear growing TRS
$\{ l'_i \to r_i \mid 1 \leq i \leq n \}$ where for any $1 \leq i \leq n$, $l'_i$ is obtained
from $l_i$ by replacing variables which do not match both conditions of left-linearity and
growingness with fresh variables. An approximation mapping $\tau$ is left-linear growing if
$\tau(\mathcal{R})$ is a left-linear growing approximation of $\mathcal{R}$ for every TRS
$\mathcal{R}$.

If $\mathcal{R}$ is a left-linear growing TRS then the left-linear growing approximation
of $\mathcal{R}$ is $\mathcal{R}$ itself. If $\tau$ is a left-linear growing mapping then
$\mathrm{NF}_{\mathcal{R}} = \mathrm{NF}_{\tau(\mathcal{R})}$ for every left-linear TRS
$\mathcal{R}$.

Example 3. Let

$\mathcal{R} = \{ f(g(x), y) \to f(x, f(y, x)),\ g(x) \to f(x, x) \}$.

Then a left-linear growing approximation of $\mathcal{R}$ is

Jacquemard introduced linear (i.e., left-right-linear) growing approximation
mappings which return a linear growing approximation of $\mathcal{R}$ for every
TRS $\mathcal{R}$. Here a linear growing approximation of $\mathcal{R}$ is a linear growing
TRS obtained from $\mathcal{R}$ by replacing variables of rewrite rules. For example, the TRS
$\{ f(g(z), y) \to f(x, f(y, w)),\ g(x) \to f(x, y) \}$ is a linear growing approximation
of $\mathcal{R}$ of Example 3. Our approximations are better than Jacquemard's ones because
they are not assumed to be right-linear. See Q for another approximation
technique based on tree automata induced by TRSs.
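Definition 3, Definition 13 and Example 3 can be checked mechanically. The following Python sketch is an added example, not code from the paper: it tests left-linearity and growingness of a rule and computes a left-linear growing approximation, and with `right_linear=True` also renames repeated right-hand-side variables to obtain a linear growing approximation. The term encoding, the fresh names `_v1`, `_v2`, ... and the choice to keep the leftmost admissible occurrence of a variable are assumptions of this sketch.

```python
from itertools import count

# Assumed encoding: a variable is a str; an application is a tuple
# (symbol, arg_1, ..., arg_n), so the constant a is ("a",). A rule is (lhs, rhs).

def var_occurrences(term, depth=0):
    """Yield (variable, depth) for each variable occurrence, left to right."""
    if isinstance(term, str):
        yield term, depth
    else:
        for arg in term[1:]:
            yield from var_occurrences(arg, depth + 1)

def variables(term):
    return {v for v, _ in var_occurrences(term)}

def is_linear(term):
    occ = [v for v, _ in var_occurrences(term)]
    return len(occ) == len(set(occ))

def is_growing(rule):
    """Definition 3: variables shared by l and r occur only at depth 0 or 1 in l."""
    lhs, rhs = rule
    shared = variables(lhs) & variables(rhs)
    return all(d <= 1 for v, d in var_occurrences(lhs) if v in shared)

def is_left_linear_growing(rule):
    return is_linear(rule[0]) and is_growing(rule)

def _rebuild(term, keep, fresh, depth=0):
    """Copy term, replacing every variable occurrence rejected by keep(v, depth)."""
    if isinstance(term, str):
        return term if keep(term, depth) else next(fresh)
    return (term[0],) + tuple(_rebuild(a, keep, fresh, depth + 1) for a in term[1:])

def approximate(rule, right_linear=False):
    """Definition 13: rename offending lhs variables; optionally linearize the rhs."""
    lhs, rhs = rule
    used = variables(lhs) | variables(rhs)
    fresh = (n for n in (f"_v{i}" for i in count(1)) if n not in used)
    rhs_vars = variables(rhs)

    kept_left = set()
    def keep_left(v, depth):
        # Reject an occurrence that breaks growingness (shared with rhs, depth > 1)
        # or left-linearity (the variable was already kept once).
        if (v in rhs_vars and depth > 1) or v in kept_left:
            return False
        kept_left.add(v)
        return True
    new_lhs = _rebuild(lhs, keep_left, fresh)

    new_rhs = rhs
    if right_linear:
        kept_right = set()
        def keep_right(v, depth):
            if v in kept_right:
                return False
            kept_right.add(v)
            return True
        new_rhs = _rebuild(rhs, keep_right, fresh)
    return new_lhs, new_rhs

def show(term):
    if isinstance(term, str):
        return term
    return term[0] + ("(" + ", ".join(show(a) for a in term[1:]) + ")" if term[1:] else "")

# The TRS of Example 3: f(g(x), y) -> f(x, f(y, x)) and g(x) -> f(x, x).
EXAMPLE_3 = [
    (("f", ("g", "x"), "y"), ("f", "x", ("f", "y", "x"))),
    (("g", "x"), ("f", "x", "x")),
]

if __name__ == "__main__":
    for rule in EXAMPLE_3:
        for linear in (False, True):
            l, r = approximate(rule, right_linear=linear)
            kind = "linear growing" if linear else "left-linear growing"
            print(f"{kind:20}: {show(l)} -> {show(r)}")
```

Up to variable names, the `right_linear=True` output coincides with the linear growing approximation quoted in the paragraph above, while the default output keeps the shared variables of the right-hand sides.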

Durand and Middeldorp studied approximations of TRSs to call-by-need
computations. They presented the framework for decidable call-by-need computations
without notions of index and sequentiality. The following notions originate
from Q. Let $\tau$ be an approximation mapping. The redex at a position $p$ in
$t \in \mathcal{T}(\mathcal{F})$ is $\tau$-needed if there exists no
$s \in \mathrm{NF}_{\mathcal{R}}$ such that $t[\Omega]_p \to^*_{\tau(\mathcal{R})} s$. Note
that a normal form $s$ does not contain $\Omega$'s. It is well-known that every
$\tau$-needed redex is needed, as defined by Huet and Levy, if $\mathcal{R}$ is an
orthogonal TRS. The class $C_\tau$ of TRSs is defined as follows:
$\mathcal{R} \in C_\tau$ iff every term not in normal form has a $\tau$-needed redex.

Theorem 14. Let $\mathcal{R}$ be a left-linear TRS. Let $\tau$ be a left-linear growing
approximation mapping.

(1) It is decidable whether a redex in a term is $\tau$-needed.

(2) It is decidable whether $\mathcal{R} \in C_\tau$.

Proof. The set $\mathrm{NF}_{\mathcal{R}}$ is recognizable since $\mathcal{R}$ is
left-linear. Using Theorem 9 we obtain the recognizability of the set
$\{ t \in \mathcal{T}(\mathcal{F} \cup \{\Omega\}) \mid \exists s \in \mathrm{NF}_{\mathcal{R}}\ t \to^*_{\tau(\mathcal{R})} s \}$.
Therefore, the theorem follows from Theorems 15 and 29 in Q. □

Let $\mathcal{R}$ be an orthogonal TRS satisfying the variable restriction that
$l \notin \mathcal{V}$ and $\mathcal{V}(r) \subseteq \mathcal{V}(l)$ for every
$l \to r \in \mathcal{R}$. If $\tau(\mathcal{R}) = \mathcal{R}$ then $\tau$-neededness
coincides with neededness. It was also shown by Huet and Levy that every term
not in normal form has a needed redex. Thus we have the following corollary.

Corollary 15. Let $\mathcal{R}$ be an orthogonal growing TRS satisfying the variable
restriction. Then the neededness is decidable and we have $\mathcal{R} \in C_\tau$ for every
left-linear growing approximation mapping $\tau$. □

The following theorem shows that left-linear growing approximations extend
the class of orthogonal TRSs having a decidable call-by-need normalizing strategy.

Theorem 16. Let $\tau$ be a left-linear growing approximation mapping and let $\tau'$
be a linear growing approximation mapping. Then $C_{\tau'} \subset C_\tau$ even if these
classes are restricted to orthogonal TRSs.

Proof. For every TRS $\mathcal{R}$, $\tau'$-neededness implies $\tau$-neededness because we
have -^T(n)Q Thus $C_{\tau'} \subseteq C_\tau$. Let
$\mathcal{R} = \{ g(x) \to f(x, x, x) \} \cup \mathcal{R}'$ where
$\mathcal{R}' = \{ f(a, b, x) \to a,\ f(b, x, a) \to a,\ f(x, a, b) \to b \}$. From
Corollary 15 we have $\mathcal{R} \in C_\tau$. We will show that
$\mathcal{R} \notin C_{\tau'}$. If
$\tau'(\mathcal{R}) = \{ g(x) \to f(y, z, x) \} \cup \mathcal{R}'$ then
$g(b) \to^*_{\tau'(\mathcal{R})} a$ and $g(b) \to^*_{\tau'(\mathcal{R})} b$. Therefore, the
term $f(g(b), g(b), g(b))$ does not have $\tau'$-needed redexes. Similarly, we can show that
$f(g(a), g(a), g(a))$ does not have $\tau'$-needed redexes for other linear growing
approximations of $\mathcal{R}$. Hence $\mathcal{R} \notin C_{\tau'}$. □

6 Termination of Almost Orthogonal Growing TRSs 

Termination is decidable for ground TRSs, right-ground TRSs and right-linear
monadic TRSs. In this section, we show that termination of almost
orthogonal growing TRSs is decidable. If a TRS $\mathcal{R}$ contains a rewrite rule which
does not satisfy the variable restriction then $\mathcal{R}$ is not terminating. Thus we may
assume that $\mathcal{R}$ satisfies the variable restriction. We first explain the theorem
of Gramlich which is used in our proof.

A reduction $t \to_{\mathcal{R}} s$ by applying a rule at position $p$ is innermost if every
proper subterm of $t|_p$ is a normal form. The innermost reduction is denoted by
$\to_I$. We say that a term $t$ is weakly innermost normalizing if $t \to^*_I s$ for some
normal form $s$. A TRS $\mathcal{R}$ is weakly innermost normalizing if every term $t$ is
weakly innermost normalizing.

Theorem 17. Let $\mathcal{R}$ be a TRS such that every critical pair of $\mathcal{R}$ is a
trivial overlay.

(a) $\mathcal{R}$ is terminating iff $\mathcal{R}$ is weakly innermost normalizing.

(b) For any term $t$, $t$ is terminating iff $t$ is weakly innermost normalizing. □

According to Theorem 17, if we can prove the decidability of weakly innermost
normalizing then termination is decidable. We show that the set of all
ground terms being weakly innermost normalizing is recognizable. From here on
we assume that $\mathcal{R}$ is a left-linear growing TRS.

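We must construct a tree automaton which recognizes the set of all ground
terms being weakly innermost normalizing. We start with the deterministic and
complete tree automaton $\mathcal{A}_{NF}$ by Comon which accepts ground normal forms.
The set $S_{\mathcal{R}}$ is defined as follows:
$S_{\mathcal{R}} = \{ t \in \mathcal{T}_\Omega \mid t \subset l_\Omega,\ l \to r \in \mathcal{R} \}$.
$S^*_{\mathcal{R}}$ is the smallest set such that
$S_{\mathcal{R}} \subseteq S^*_{\mathcal{R}}$ and if $t, s \in S^*_{\mathcal{R}}$ and
$t \uparrow s$ then $t \sqcup s \in S^*_{\mathcal{R}}$.
$\mathcal{A}_{NF} = (\mathcal{F}, Q_{NF}, Q^f_{NF}, \Delta_{NF})$ is defined by
$Q_{NF} = \{ q_t \mid t \in S^*_{\mathcal{R}}$ and $t$ does not contain redexes
$\} \cup \{ q_{red} \}$, $Q^f_{NF} = Q_{NF} \setminus \{ q_{red} \}$ and $\Delta_{NF}$
consists of the following rules:

- $f(q_{t_1}, \ldots, q_{t_n}) \to q_t$
  if $f(t_1, \ldots, t_n)$ is not a redex and $t$ is the maximal $\Omega$-term w.r.t.
  $\leq$ such that $t \leq f(t_1, \ldots, t_n)$ and $q_t \in Q^f_{NF}$,

- $f(q_{t_1}, \ldots, q_{t_n}) \to q_{red}$ if $f(t_1, \ldots, t_n)$ is a redex,

- $f(q_1, \ldots, q_n) \to q_{red}$ if $q_{red} \in \{ q_1, \ldots, q_n \}$.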

The following lemma shows that Anf recognizes the set of ground normal 
forms. 



Lemma 18. Let $t \in \mathcal{T}(\mathcal{F})$.

(i) $\mathcal{A}_{NF}$ is deterministic and complete.

(ii) If $t \to^*_{\mathcal{A}_{NF}} q_s \in Q^f_{NF}$ then $t$ is a normal form,
$s \leq t$ and $u \leq s$ for any $q_u \in Q^f_{NF}$ with $u \leq t$.

(iii) If $t \to^*_{\mathcal{A}_{NF}} q_{red}$ then $t$ is not a normal form. □

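We inductively construct tree automata
$\mathcal{A}_0, \mathcal{A}_1, \ldots, \mathcal{A}_k$ as follows. Let
$\mathcal{A}_0 = (\mathcal{F}, Q, Q^f, \Delta_0) = (\mathcal{F}, Q_{NF}, Q^f_{NF}, \Delta_{NF}) = \mathcal{A}_{NF}$.
$\mathcal{A}_{i+1} = (\mathcal{F}, Q, Q^f, \Delta_{i+1})$ (or
$\mathcal{A}_k = (\mathcal{F}, Q, Q^f, \Delta_k)$) is obtained from $\mathcal{A}_i$ as
follows:

— If there exist $q_{t_1} \in Q^f, \ldots, q_{t_n} \in Q^f$,
$f(l_1, \ldots, l_n) \to r \in \mathcal{R}$ and $q \in Q$ such that

(1) $f(l_1, \ldots, l_n)_\Omega \leq f(t_1, \ldots, t_n)$,

(2) there exists $\theta : \mathcal{V} \to Q$ such that $r\theta \to^*_{\mathcal{A}_i} q$
and $x = l_j$ implies $x\theta = q_{t_j}$ for every $x \in r$ and $1 \leq j \leq n$,

(3) $f(q_{t_1}, \ldots, q_{t_n}) \to q \notin \Delta_i$,

then $\Delta_{i+1} = \Delta_i \cup \{ f(q_{t_1}, \ldots, q_{t_n}) \to q \}$.

— Otherwise, $\Delta_k = \Delta_i$.

Since the set of states is fixed, the number of new rules is bounded. Thus, the
process of construction terminates. Note that
$\mathcal{A}_1, \ldots, \mathcal{A}_k$ are non-deterministic.
In the following we prove that

$L(\mathcal{A}_k) = \{ t \in \mathcal{T}(\mathcal{F}) \mid t \text{ is weakly innermost normalizing} \}$.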



Lemma 19. Let t £ T{T). For any 0 < i < fc, if t ^Ai 9 ^ Q then t 
s ^Anf 9 for some s £ 'T(T). 

Proof. We prove the lemma by induction on i. Base step. Trivial. Induction 
step. Assume that qs^ £ . . . , qs„ G Q^, f{h, . . . , In) ^ r £ TZ and q\ £ Q 

satisfy the conditions of construction and Ai is obtained by adding the rule 
/(( 7 si , • ■ • , 9 s„) ^ 9 i to Ai-i. We use induction on the number m of applications 
of the rule /(^si , ■ • ■ , 9 s„) — *■ 9 i in the reduction t -^Ai 9 . If to = 0 then t -^Ai-i 

q. Thus it follows from induction hypothesis on i that t s -^Anf 9 some 
s £ TifF). Let TO > 0. Suppose that 

t = t\f{ti , . . . , tn)]p ^Ai-i 9s„)]p t[9l]p 9- 

For every 1 < j < n, we obtain Uj £ T'{F) such that tj -^x Uj '^Anf 9sj by 
applying induction hypothesis on i to tj -^Ai-i 9sj- According to Lemma^J(ii), 
/(si , . . . , Sn) < f{ui , . . . , Un) and ui, . . . , are normal forms. Because we have 
f{l\, • • • , In) a < /(sij ■ ■ • j Sn) by the condition (1), we obtain the following re- 
duction sequence: 

/(ti, . ..,tn) f{ui, ...,Un) = f{h, . ..,ln)o- ^x ra. 

Let 6* be a substitution which is satisfied in the condition (2) of construction. 
Then from the growingness of TZ we have ra '^Anf hence ra -^Ai-i 9i- 
Applying induction hypothesis on m to t[ra]p t[qi]p q, we obtain 

s G such that t[r(r]p s '^Anf 9- Thus we have t s -^Anf 9 since 

t ^x t[ra]p. □ 

Lemma 20. $L(\mathcal{A}_k) \subseteq \{\, t \in \mathcal{T}(\mathcal{F}) \mid t \text{ is weakly innermost normalizing} \,\}$. 

Proof. From Lemmas ^Jand^J □ 

Lemma 21. Let t G T{A) be a normal form. Then there exists exactly one q 
in Q such that t -^Au 9- Furthermore, q is the state qs in such that s < t 
and u < s for any G with u < t. 

Proof. By Lemma^J t -^Au 9 iff t -^Anf 9- Thus, from Lemma^Jthe claim 
follows. □ 

Lemma 22. $L(\mathcal{A}_k) \supseteq \{\, t \in \mathcal{T}(\mathcal{F}) \mid t \text{ is weakly innermost normalizing} \,\}$. 

Proof. Assume that t Aj s for some normal form s. We show that t G L{Ak) 
by induction on the length m of this reduction. Let m = 0. Then t is a normal 
form and hence t G L{Anf) C L{Ak)- Let m > 0. We assume that 

t = ^ Iji^c^p >x >x s 

with /(/i , . . . Jn) ^ r G TZ. By induction hypothesis, t[ra]p is accepted by Ak, 
i.e., t[ra]p^Ak 9 for some q G . Because xa is a normal form for every x G r, 
LemmaH yields 6 : V ^ Q such that 

t[ra]p ^Ak t[i"6]p ^Ak f[9i]p -^Ak 9 

where qi G Q. For any 1 < j < n, by Lemma we have exactly one qsj G Q 
with Ija '^Ak 9sj because Ijcr is a normal form. Note that if Ij = x and x G r 
then x6 = qs^. For any 1 < j < n, qi.^ G since Ij^ G Sfi and does 
not contain redexes. According to Lemma^J /(^i , . . . , < /(si,...,s„). 

Therefore 9si G , . . . ,qs„ G , f{li — > r G 7?. and qi G Q satisfy the 

conditions (1) and (2) of construction. By the construction of Ak, Ak has the 
rule /(gsi, ■ • ■ , 9s„) ^ 9i- Thus, since 

t = t[f{h, ■ ■ ■ j ^n)o']p '*'Ak f [/(9si ) ■ ■ ■ ) 9s„)]p ^Ak f[9l]p ^Ak 9 G 

t is accepted by Afc. □ 

Thus we obtain the following result. 

Lemma 23. Let $\mathcal{R}$ be a left-linear growing TRS. The set of ground terms being 
weakly innermost normalizing is recognized by a tree automaton. □ 

Theorem 24. Termination is decidable for almost orthogonal growing TRSs. 

Proof. Let $\mathcal{R}$ be an almost orthogonal growing TRS. According to Lemma^J $\mathcal{R}$ 
is strongly normalizing iff every ground term is weakly innermost normalizing. 
From LemmasHHand^J it is decidable whether every ground term is weakly 
innermost normalizing. □ 
Abstract. We present two new transformation techniques for proving 
termination of context-sensitive rewriting. Our first method is simple, 
sound, and more powerful than previously suggested transformations. 
However, it is not complete, i.e., there are terminating context-sensitive 
rewrite systems that are transformed into non-terminating term rewrite 
systems. The second method that we present in this paper is both sound 
and complete. This latter result can be interpreted as stating that from 
a termination perspective there is no reason to study context-sensitive 
rewriting. 



1 Introduction 



In the presence of infinite reductions in term rewriting, the search for normal 
forms is usually guided by adopting a suitable reduction strategy. Consider the 
following rewrite rules which form a part of a term rewrite system that im- 
plements the Sieve of Eratosthenes for generating the infinite list of all prime 
numbers (we did not include the rules defining divides): 



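$$\begin{array}{rcl}
\mathsf{primes} &\to& \mathsf{sieve}(\mathsf{from}(\mathsf{s}(\mathsf{s}(0)))) \\
\mathsf{from}(x) &\to& x : \mathsf{from}(\mathsf{s}(x)) \\
\mathsf{head}(x : y) &\to& x \\
\mathsf{tail}(x : y) &\to& y \\
\mathsf{sieve}(x : y) &\to& x : \mathsf{filter}(x, \mathsf{sieve}(y)) \\
\mathsf{if}(\mathsf{true}, x, y) &\to& x \\
\mathsf{if}(\mathsf{false}, x, y) &\to& y \\
\mathsf{filter}(\mathsf{s}(\mathsf{s}(x)), y : z) &\to& \mathsf{if}(\mathsf{divides}(\mathsf{s}(\mathsf{s}(x)), y),\ \mathsf{filter}(\mathsf{s}(\mathsf{s}(x)), z),\ y : \mathsf{filter}(\mathsf{s}(\mathsf{s}(x)), z))
\end{array}$$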



A term like $\mathsf{head}(\mathsf{tail}(\mathsf{tail}(\mathsf{primes})))$ admits a finite reduction to the normal form 
$\mathsf{s}^5(0)$ (the third prime number) as well as infinite reductions. The infinite 
reductions can for instance be avoided by always contracting the leftmost-outermost 
redex. Context-sensitive rewriting (Lucas) provides an alternative way 
of solving the non-termination problem. Rather than specifying which redexes 
may be contracted, in context-sensitive rewriting for every function symbol one 
indicates which arguments may not be evaluated and a contraction of a redex is 
allowed only if it does not take place in a forbidden argument of a function 



P. Narendran and M. Rusinowitch (Eds.); RTA’99, LNCS 1631, pp. 271-^^^ 1999. 
© Springer-Verlag Berlin Heidelberg 1999 






J. Giesl, A. Middeldorp 



symbol above it. For instance, by forbidding all contractions in the argument t 
of a term of the form s : t, infinite reductions are no longer possible while normal 
forms can still be computed. This example illustrates that this restricted form 
of rewriting has strong connections with lazy evaluation strategies used in func- 
tional programming languages, because it allows us to deal with non-terminating 
programs and infinite data structures, cf. 

In this paper we are concerned with the problem of showing termination 
of context-sensitive rewriting. More precisely, we consider transformations from 
context-sensitive rewrite systems to ordinary term rewrite systems that are sound 
with respect to termination: termination of the transformed term rewrite system 
implies termination of the original context-sensitive rewrite system. The advan- 
tage of such an approach is that all techniques for proving termination of term 
rewriting (e.g., can be used to infer termination of context-sensitive 

rewriting. Two such transformations are reported in the literature, by Lucas 
and by Zantema We add two more. Our first transformation is simple, its 
soundness is easily established, and it improves upon the transformations of 
To be precise, we prove that the class of terminating context-sensitive 
rewrite systems for which our transformation succeeds is larger than that of 
Lucas’ transformation and we claim that the same holds for Zantema’s trans- 
formation. None of these three transformations succeeds in transforming every 
terminating context-sensitive rewrite system into a terminating term rewrite 
system. In other words, they all lack completeness. We analyze the failure of 
completeness for our first transformation, resulting in a second transformation 
which is both sound and complete. Hence it appears that from a termination point 
of view there is no reason to study context-sensitive rewriting further. We come 
back to this issue in the final part of the paper. 

The remainder of the paper is organized as follows. In the next section we 
recall the definition of context-sensitive rewriting as well as the previous 
transformations of Lucas and Zantema. In Section 3 we present our first transformation 
and prove that it is sound. Despite being incomplete, we argue that it can handle 
more systems than the transformations of Lucas and Zantema. In Section 4 we 
refine our first transformation into a sound and complete one. The bulk of this 
section is devoted to the completeness proof. We make some concluding remarks 
in Section^ 



2 Preliminaries and Related Work 

Familiarity with the basics of term rewriting is assumed. Let $\mathcal{F}$ be a 
signature. A function $\mu : \mathcal{F} \to \mathcal{P}(\mathbb{N})$ is called a replacement map if 
$1 \le i \le \mathrm{arity}(f)$ for all $f \in \mathcal{F}$ and $i \in \mu(f)$. A context-sensitive rewrite 
system (CSRS for short) is a term rewrite system (TRS) $\mathcal{R}$ over a signature $\mathcal{F}$ 
that is equipped with a replacement map $\mu$. We always assume that $\mathcal{F}$ contains a 
constant. The context-sensitive rewrite relation $\to_{\mathcal{R},\mu}$ is defined as the 
restriction of the usual rewrite relation $\to_{\mathcal{R}}$ to contractions of redexes at 
active positions. A position $\pi$ in a term $t$ is ($\mu$-)active if $\pi = \varepsilon$ (the root 
position), or $t = f(t_1, \ldots, t_n)$, $\pi = i \cdot \pi'$, $i \in \mu(f)$, and $\pi'$ is active in $t_i$. 
So $s \to_{\mathcal{R},\mu} t$ if and only if there exist a rewrite rule $l \to r$ in $\mathcal{R}$, a 
substitution $\sigma$, and an active position $\pi$ in $s$ such that $s|_\pi = l\sigma$ and 
$t = s[r\sigma]_\pi$. 

Consider the TRS of the introduction. By taking $\mu(:) = \mu(\mathsf{if}) = \mu(\mathsf{sieve}) = 
\mu(\mathsf{from}) = \mu(\mathsf{s}) = \mu(\mathsf{head}) = \mu(\mathsf{tail}) = \{1\}$, and $\mu(\mathsf{filter}) = \mu(\mathsf{divides}) = \{1, 2\}$ 
we obtain a terminating CSRS. The term $0 : \mathsf{from}(\mathsf{s}(0))$, which has an infinite 
reduction in the TRS, is a normal form of the CSRS because the reduction step 
to $0 : (\mathsf{s}(0) : \mathsf{from}(\mathsf{s}(\mathsf{s}(0))))$ is no longer possible as the contracted redex occurs 
at a forbidden position ($2 \notin \mu(:)$). 

Context-sensitive rewriting subsumes ordinary rewriting (by taking $\mu(f) = 
\{1, \ldots, n\}$ for every $n$-ary function symbol $f$). The interesting case is when $\mathcal{R}$ 
admits infinite reductions and $\mu$ is defined in such a way that $\to_{\mathcal{R},\mu}$ is 
terminating but still capable of computing ($\mathcal{R}$-)normal forms. For the latter 
aspect we refer to Lucas; in this paper we are only concerned with termination of 
context-sensitive rewriting. 

Lucas presented a simple transformation from CSRSs to TRSs which is 
sound with respect to termination. Let $(\mathcal{R}, \mu)$ be a CSRS over a signature $\mathcal{F}$. 
The idea of the transformation is to replace every function symbol $f \in \mathcal{F}$ by a 
new function symbol $f_\mu$ where all arguments except the active ones are removed. 
Thus, the arity of $f_\mu$ is $|\mu(f)|$. The transformed system $\mathcal{R}^L_\mu$ results from $\mathcal{R}$ by 
normalising all terms in its rewrite rules using the (terminating and confluent) 
TRS consisting of all rules 

$$f(x_1, \ldots, x_n) \to f_\mu(x_{i_1}, \ldots, x_{i_k})$$

such that $\mu(f) = \{i_1, \ldots, i_k\}$ with $i_1 < \cdots < i_k$. For instance, if $\mathcal{R}$ is the TRS 
of the introduction and $\mu$ is defined as above, then $\mathcal{R}^L_\mu$ consists of the following 
rewrite rules: 

$$\begin{array}{rcl}
\mathsf{primes}_\mu &\to& \mathsf{sieve}_\mu(\mathsf{from}_\mu(\mathsf{s}_\mu(\mathsf{s}_\mu(0_\mu)))) \\
\mathsf{from}_\mu(x) &\to& {:}_\mu(x) \\
\mathsf{head}_\mu({:}_\mu(x)) &\to& x \\
\mathsf{tail}_\mu({:}_\mu(x)) &\to& y \\
\mathsf{sieve}_\mu({:}_\mu(x)) &\to& {:}_\mu(x) \\
\mathsf{if}_\mu(\mathsf{true}_\mu) &\to& x \\
\mathsf{if}_\mu(\mathsf{false}_\mu) &\to& y \\
\mathsf{filter}_\mu(\mathsf{s}_\mu(\mathsf{s}_\mu(x)), {:}_\mu(y)) &\to& \mathsf{if}_\mu(\mathsf{divides}_\mu(\mathsf{s}_\mu(\mathsf{s}_\mu(x)), y))
\end{array}$$

Note that $\mathcal{R}^L_\mu$ is not terminating due to the extra variables in the right-hand 
sides of the rules for $\mathsf{tail}_\mu$ and $\mathsf{if}_\mu$. 

Zantema presented a more complicated transformation in which subterms 
at forbidden positions are marked rather than discarded. The transformed system 
$\mathcal{R}^Z_\mu$ consists of two parts. The first part results from a translation of the 
rewrite rules of $\mathcal{R}$, as follows. Every function symbol $f$ occurring in a left or 
right-hand side is replaced by $\underline{f}$ (a fresh function symbol of the same arity as 
$f$) if it occurs in a forbidden argument of the function symbol directly above it. 
These new function symbols are used to block further reductions at this position. 

In addition, if a variable $x$ occurs in a forbidden position in the left-hand 
side $l$ of a rewrite rule $l \to r$ then all occurrences of $x$ in $r$ are replaced by $\mathsf{a}(x)$. 
Here $\mathsf{a}$ is a new unary function symbol which is used to activate blocked function 
symbols again. The second part of $\mathcal{R}^Z_\mu$ consists of rewrite rules that are needed 
for blocking and unblocking function symbols: 

$$\begin{array}{rcl}
f(x_1, \ldots, x_n) &\to& \underline{f}(x_1, \ldots, x_n) \\
\mathsf{a}(\underline{f}(x_1, \ldots, x_n)) &\to& f(x_1, \ldots, x_n)
\end{array}$$

for every $n$-ary $f$ for which $\underline{f}$ appears in the first part of $\mathcal{R}^Z_\mu$, together with the 
rule $\mathsf{a}(x) \to x$. The example CSRS $(\mathcal{R}, \mu)$ is transformed into 



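$$\begin{array}{rcl}
\mathsf{primes} &\to& \mathsf{sieve}(\mathsf{from}(\mathsf{s}(\mathsf{s}(0)))) \\
\mathsf{from}(x) &\to& x : \underline{\mathsf{from}}(\mathsf{s}(x)) \\
\mathsf{sieve}(x : y) &\to& x : \underline{\mathsf{filter}}(x, \mathsf{sieve}(\mathsf{a}(y))) \\
\mathsf{filter}(\mathsf{s}(\mathsf{s}(x)), y : z) &\to& \mathsf{if}(\mathsf{divides}(\mathsf{s}(\mathsf{s}(x)), y),\ \underline{\mathsf{filter}}(\mathsf{s}(\mathsf{s}(x)), \mathsf{a}(z)),\ y \mathbin{\underline{:}} \underline{\mathsf{filter}}(\mathsf{s}(\mathsf{s}(x)), \mathsf{a}(z))) \\
\mathsf{if}(\mathsf{true}, x, y) &\to& \mathsf{a}(x) \\
\mathsf{if}(\mathsf{false}, x, y) &\to& \mathsf{a}(y) \\
\mathsf{head}(x : y) &\to& x \\
\mathsf{tail}(x : y) &\to& \mathsf{a}(y) \\
\mathsf{from}(x) &\to& \underline{\mathsf{from}}(x) \\
\mathsf{sieve}(x) &\to& \underline{\mathsf{sieve}}(x) \\
\mathsf{filter}(x, y) &\to& \underline{\mathsf{filter}}(x, y) \\
x : y &\to& x \mathbin{\underline{:}} y \\
\mathsf{a}(\underline{\mathsf{from}}(x)) &\to& \mathsf{from}(x) \\
\mathsf{a}(\underline{\mathsf{sieve}}(x)) &\to& \mathsf{sieve}(x) \\
\mathsf{a}(\underline{\mathsf{filter}}(x, y)) &\to& \mathsf{filter}(x, y) \\
\mathsf{a}(x \mathbin{\underline{:}} y) &\to& x : y \\
\mathsf{a}(x) &\to& x
\end{array}$$

This transformation is sound but not complete as we have the infinite reduction 

$$\begin{array}{rcl}
\mathsf{sieve}(\mathsf{a}(\underline{\mathsf{from}}(0))) &\to^+_{\mathcal{R}^Z_\mu}& 0 : \underline{\mathsf{filter}}(0, \mathsf{sieve}(\mathsf{a}(\underline{\mathsf{from}}(\mathsf{s}(0))))) \\
&\to^+_{\mathcal{R}^Z_\mu}& 0 : \underline{\mathsf{filter}}(0, \mathsf{s}(0) : \underline{\mathsf{filter}}(\mathsf{s}(0), \mathsf{sieve}(\mathsf{a}(\underline{\mathsf{from}}(\mathsf{s}(\mathsf{s}(0))))))) \\
&\to^+_{\mathcal{R}^Z_\mu}& \cdots
\end{array}$$

in the TRS $\mathcal{R}^Z_\mu$. 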

Zantema’s method appears to be more powerful than Lucas’ transformation 
but actually the two methods are incomparable (cf. the TRS consisting of the 
single rule $\mathsf{c} \to \mathsf{f}(\mathsf{g}(\mathsf{c}))$ with $\mu(\mathsf{f}) = \varnothing$ and $\mu(\mathsf{g}) = \{1\}$). 

3 A Sound Transformation 

In this section we present our first transformation from CSRSs to TRSs. The 
advantage of this transformation is that it is very easy and more powerful than 
the transformations of Lucas and Zantema defined in the preceding section. In 
the transformation we will extend the original signature $\mathcal{F}$ of the TRS by two 
additional unary function symbols $\mathsf{active}$ and $\mathsf{mark}$. 

Essentially, the idea for the transformation is to mark the active positions 
in a term on the object level, because those positions are the only ones where 
context-sensitive rewriting may take place. For this purpose we use the new 
function symbol $\mathsf{active}$. Thus, instead of a rule $l \to r$ the transformed TRS 
should contain a rule whose left-hand side is $\mathsf{active}(l)$. Moreover, after rewriting 
an instance of $l$ to the corresponding instance of $r$, we have to mark the new 
active positions in the resulting term. For that purpose we use the function 
$\mathsf{mark}$. So we replace every rule $l \to r$ by $\mathsf{active}(l) \to \mathsf{mark}(r)$. To mark all active 
positions in a term, the rules for $\mathsf{mark}$ must have the form 

$$\mathsf{mark}(f(x_1, \ldots, x_n)) \to \mathsf{active}(f([x_1], \ldots, [x_n]))$$

where the form of the argument $[x_i]$ depends on whether $i$ is an active argument 
of $f$: If $i \in \mu(f)$ then $x_i$ must also be marked active and thus $[x_i] = \mathsf{mark}(x_i)$, 
otherwise the $i$th argument of $f$ is not active and we define $[x_i] = x_i$. Finally, we 
also need a rule to deactivate terms. For example, consider the TRS consisting 
of the following rewrite rules: 

$$\begin{array}{rcl}
\mathsf{a} &\to& \mathsf{f}(\mathsf{b}) \\
\mathsf{f}(\mathsf{b}) &\to& \mathsf{a} \\
\mathsf{b} &\to& \mathsf{c}
\end{array}$$

No matter how the replacement map $\mu$ is defined, the resulting CSRS is not 
terminating. Suppose $\mu(\mathsf{f}) = \{1\}$. In the transformed system we would have the 
rules 

$$\begin{array}{rclcrcl}
\mathsf{active}(\mathsf{a}) &\to& \mathsf{mark}(\mathsf{f}(\mathsf{b})) & \quad & \mathsf{mark}(\mathsf{a}) &\to& \mathsf{active}(\mathsf{a}) \\
\mathsf{active}(\mathsf{f}(\mathsf{b})) &\to& \mathsf{mark}(\mathsf{a}) & & \mathsf{mark}(\mathsf{b}) &\to& \mathsf{active}(\mathsf{b}) \\
\mathsf{active}(\mathsf{b}) &\to& \mathsf{mark}(\mathsf{c}) & & \mathsf{mark}(\mathsf{c}) &\to& \mathsf{active}(\mathsf{c}) \\
 & & & & \mathsf{mark}(\mathsf{f}(x)) &\to& \mathsf{active}(\mathsf{f}(\mathsf{mark}(x)))
\end{array}$$

This TRS is terminating because $\mathsf{active}(\mathsf{a})$ can be reduced to $\mathsf{active}(\mathsf{f}(\mathsf{active}(\mathsf{b})))$, 
but if we cannot deactivate the subterm $\mathsf{active}(\mathsf{b})$ then the second rule is not 
applicable. Thus, we have to add the rule $\mathsf{active}(x) \to x$. To summarize, we 
obtain the following transformation. 

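Definition 1. Let $(\mathcal{R}, \mu)$ be a CSRS over a signature $\mathcal{F}$. The TRS $\mathcal{R}^1_\mu$ over the 
signature $\mathcal{F} \cup \{\mathsf{active}, \mathsf{mark}\}$ consists of the following rewrite rules: 

$$\begin{array}{rcll}
\mathsf{active}(l) &\to& \mathsf{mark}(r) & \text{for all } l \to r \in \mathcal{R} \\
\mathsf{mark}(f(x_1, \ldots, x_n)) &\to& \mathsf{active}(f([x_1]_f, \ldots, [x_n]_f)) & \text{for all } f \in \mathcal{F} \\
\mathsf{active}(x) &\to& x
\end{array}$$

Here $[x_i]_f = \mathsf{mark}(x_i)$ if $i \in \mu(f)$ and $[x_i]_f = x_i$ otherwise. The subset of $\mathcal{R}^1_\mu$ 
consisting of all rules of the form 

$$\mathsf{mark}(f(x_1, \ldots, x_n)) \to \mathsf{active}(f([x_1]_f, \ldots, [x_n]_f))$$

will be denoted by $\mathcal{M}$. 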

Soundness of our transformation is an easy consequence of the following 
lemma which shows how context-sensitive reduction steps are simulated in the 
transformed system. 
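Lemma 1. Let $(\mathcal{R}, \mu)$ be a CSRS over a signature $\mathcal{F}$ and let $s, t \in \mathcal{T}(\mathcal{F})$. If 
$s \to_{\mathcal{R},\mu} t$ then $\mathsf{mark}(s){\downarrow_{\mathcal{M}}} \to^+_{\mathcal{R}^1_\mu} \mathsf{mark}(t){\downarrow_{\mathcal{M}}}$. 

Proof. First note that $\mathcal{M}$ is confluent and terminating, so $u{\downarrow_{\mathcal{M}}}$ exists for every 
term $u$. There exist a rewrite rule $l \to r \in \mathcal{R}$, a substitution $\sigma$, and an active 
position $\pi$ in $s$ such that $s|_\pi = l\sigma$ and $t = s[r\sigma]_\pi$. We prove the lemma by 
induction on $\pi$. If $\pi = \varepsilon$ then $s = l\sigma$ and $t = r\sigma$. An easy induction on the 
structure of $s$ reveals that $\mathsf{mark}(s){\downarrow_{\mathcal{M}}} \to^*_{\mathcal{R}^1_\mu} \mathsf{active}(s)$ (one just has to eliminate 
all inner occurrences of $\mathsf{active}$ in $\mathsf{mark}(s){\downarrow_{\mathcal{M}}}$). Since $\mathsf{active}(s) \to \mathsf{mark}(t)$ is an 
instance of a rule in $\mathcal{R}^1_\mu$, we obtain 

$$\mathsf{mark}(s){\downarrow_{\mathcal{M}}} \to^*_{\mathcal{R}^1_\mu} \mathsf{active}(s) \to_{\mathcal{R}^1_\mu} \mathsf{mark}(t) \to^+_{\mathcal{R}^1_\mu} \mathsf{mark}(t){\downarrow_{\mathcal{M}}}.$$

If $\pi = i \cdot \pi'$ then we have $s = f(s_1, \ldots, s_i, \ldots, s_n)$ and $t = f(s_1, \ldots, t_i, \ldots, s_n)$ 
with $s_i \to_{\mathcal{R},\mu} t_i$. Note that $i \in \mu(f)$ due to the definition of context-sensitive 
rewriting. For $1 \le j \le n$ define $s'_j = \mathsf{mark}(s_j){\downarrow_{\mathcal{M}}}$ if $j \in \mu(f)$ and $s'_j = s_j$ if 
$j \notin \mu(f)$. The induction hypothesis yields $s'_i \to^+_{\mathcal{R}^1_\mu} \mathsf{mark}(t_i){\downarrow_{\mathcal{M}}}$. Since 

$$\mathsf{mark}(s){\downarrow_{\mathcal{M}}} = \mathsf{active}(f(s'_1, \ldots, s'_i, \ldots, s'_n))$$

and 

$$\mathsf{mark}(t){\downarrow_{\mathcal{M}}} = \mathsf{active}(f(s'_1, \ldots, \mathsf{mark}(t_i){\downarrow_{\mathcal{M}}}, \ldots, s'_n)),$$

the result follows. □ 

Theorem 1. Let $(\mathcal{R}, \mu)$ be a CSRS over a signature $\mathcal{F}$. If $\mathcal{R}^1_\mu$ is terminating 
then $(\mathcal{R}, \mu)$ is terminating. 

Proof. If $(\mathcal{R}, \mu)$ is not terminating then there exists an infinite reduction of 
ground terms. Any such sequence is transformed by the previous lemma into an 
infinite reduction in $\mathcal{R}^1_\mu$. □ 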

The converse of the above theorem does not hold, i.e., the transformation is 
incomplete. 

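Example 1. As an example of a terminating CSRS that is transformed into a 
non-terminating TRS by our transformation, consider the following variant $\mathcal{R}$ 
of a well-known example from Toyama. 

$$\mathsf{f}(\mathsf{b}, \mathsf{c}, x) \to \mathsf{f}(x, x, x) \qquad \mathsf{d} \to \mathsf{b} \qquad \mathsf{d} \to \mathsf{c}$$

If we define $\mu(\mathsf{f}) = \{3\}$ then the resulting CSRS is terminating because the 
usual cyclic reduction of $\mathsf{f}(\mathsf{b}, \mathsf{c}, \mathsf{d})$ to $\mathsf{f}(\mathsf{d}, \mathsf{d}, \mathsf{d})$ and further to $\mathsf{f}(\mathsf{b}, \mathsf{c}, \mathsf{d})$ cannot be 
done any more, as one would have to reduce the first and second argument of $\mathsf{f}$. 
However, the transformed TRS $\mathcal{R}^1_\mu$ 

$$\begin{array}{rclcrcl}
\mathsf{active}(\mathsf{f}(\mathsf{b}, \mathsf{c}, x)) &\to& \mathsf{mark}(\mathsf{f}(x, x, x)) & \quad & \mathsf{mark}(\mathsf{f}(x, y, z)) &\to& \mathsf{active}(\mathsf{f}(x, y, \mathsf{mark}(z))) \\
\mathsf{active}(\mathsf{d}) &\to& \mathsf{mark}(\mathsf{b}) & & \mathsf{mark}(\mathsf{b}) &\to& \mathsf{active}(\mathsf{b}) \\
\mathsf{active}(\mathsf{d}) &\to& \mathsf{mark}(\mathsf{c}) & & \mathsf{mark}(\mathsf{c}) &\to& \mathsf{active}(\mathsf{c}) \\
\mathsf{active}(x) &\to& x & & \mathsf{mark}(\mathsf{d}) &\to& \mathsf{active}(\mathsf{d})
\end{array}$$

is not terminating: 

$$\begin{array}{rcl}
\mathsf{mark}(\mathsf{f}(\mathsf{b}, \mathsf{c}, \mathsf{d})) &\to& \mathsf{active}(\mathsf{f}(\mathsf{b}, \mathsf{c}, \mathsf{mark}(\mathsf{d}))) \\
&\to& \mathsf{active}(\mathsf{f}(\mathsf{b}, \mathsf{c}, \mathsf{active}(\mathsf{d}))) \\
&\to& \mathsf{mark}(\mathsf{f}(\mathsf{active}(\mathsf{d}), \mathsf{active}(\mathsf{d}), \mathsf{active}(\mathsf{d}))) \\
&\to^+& \mathsf{mark}(\mathsf{f}(\mathsf{mark}(\mathsf{b}), \mathsf{mark}(\mathsf{c}), \mathsf{d})) \\
&\to^+& \mathsf{mark}(\mathsf{f}(\mathsf{active}(\mathsf{b}), \mathsf{active}(\mathsf{c}), \mathsf{d})) \\
&\to^+& \mathsf{mark}(\mathsf{f}(\mathsf{b}, \mathsf{c}, \mathsf{d}))
\end{array}$$

Note that $\mathcal{R}^L_\mu$: 

$$\mathsf{f}_\mu(x) \to \mathsf{f}_\mu(x) \qquad \mathsf{d}_\mu \to \mathsf{b}_\mu \qquad \mathsf{d}_\mu \to \mathsf{c}_\mu$$

and $\mathcal{R}^Z_\mu$: 

$$\begin{array}{rclcrcl}
\mathsf{f}(\underline{\mathsf{b}}, \underline{\mathsf{c}}, x) &\to& \mathsf{f}(x, x, x) & \quad & \mathsf{a}(\underline{\mathsf{b}}) &\to& \mathsf{b} \\
\mathsf{d} &\to& \mathsf{b} & & \mathsf{a}(\underline{\mathsf{c}}) &\to& \mathsf{c} \\
\mathsf{d} &\to& \mathsf{c} & & \mathsf{b} &\to& \underline{\mathsf{b}} \\
\mathsf{a}(x) &\to& x & & \mathsf{c} &\to& \underline{\mathsf{c}}
\end{array}$$

also fail to be terminating ($\mathcal{R}^Z_\mu$ admits the cycle $\mathsf{f}(\underline{\mathsf{b}}, \underline{\mathsf{c}}, \mathsf{d}) \to \mathsf{f}(\mathsf{d}, \mathsf{d}, \mathsf{d}) \to^+ 
\mathsf{f}(\mathsf{b}, \mathsf{c}, \mathsf{d}) \to^+ \mathsf{f}(\underline{\mathsf{b}}, \underline{\mathsf{c}}, \mathsf{d})$). 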



Nevertheless, compared to the transformations of Lucas and Zantema, our 
easy transformation appears to be very powerful. There are numerous CSRSs 
where our transformation succeeds and which cannot be handled by the other 
two transformations. 



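Example 2. As a simple example, consider the terminating CSRS $\mathcal{R}$ 

$$\begin{array}{rcl}
\mathsf{g}(x) &\to& \mathsf{h}(x) \\
\mathsf{c} &\to& \mathsf{d} \\
\mathsf{h}(\mathsf{d}) &\to& \mathsf{g}(\mathsf{c})
\end{array}$$

with $\mu(\mathsf{g}) = \mu(\mathsf{h}) = \varnothing$ from Q. The TRSs $\mathcal{R}^L_\mu$: 

$$\mathsf{g}_\mu \to \mathsf{h}_\mu \qquad \mathsf{c}_\mu \to \mathsf{d}_\mu \qquad \mathsf{h}_\mu \to \mathsf{g}_\mu$$

and $\mathcal{R}^Z_\mu$: 

$$\begin{array}{rclcrcl}
\mathsf{g}(x) &\to& \mathsf{h}(\mathsf{a}(x)) & \quad & \mathsf{a}(\underline{\mathsf{c}}) &\to& \mathsf{c} \\
\mathsf{c} &\to& \mathsf{d} & & \mathsf{a}(\underline{\mathsf{d}}) &\to& \mathsf{d} \\
\mathsf{h}(\underline{\mathsf{d}}) &\to& \mathsf{g}(\underline{\mathsf{c}}) & & \mathsf{c} &\to& \underline{\mathsf{c}} \\
\mathsf{a}(x) &\to& x & & \mathsf{d} &\to& \underline{\mathsf{d}}
\end{array}$$

are non-terminating ($\mathcal{R}^Z_\mu$ admits the cycle $\mathsf{g}(\underline{\mathsf{c}}) \to \mathsf{h}(\mathsf{a}(\underline{\mathsf{c}})) \to \mathsf{h}(\mathsf{c}) \to \mathsf{h}(\mathsf{d}) \to 
\mathsf{h}(\underline{\mathsf{d}}) \to \mathsf{g}(\underline{\mathsf{c}})$). In contrast, our simple transformation generates the TRS 

$$\begin{array}{rclcrcl}
\mathsf{active}(\mathsf{g}(x)) &\to& \mathsf{mark}(\mathsf{h}(x)) & \quad & \mathsf{mark}(\mathsf{g}(x)) &\to& \mathsf{active}(\mathsf{g}(x)) \\
\mathsf{active}(\mathsf{c}) &\to& \mathsf{mark}(\mathsf{d}) & & \mathsf{mark}(\mathsf{h}(x)) &\to& \mathsf{active}(\mathsf{h}(x)) \\
\mathsf{active}(\mathsf{h}(\mathsf{d})) &\to& \mathsf{mark}(\mathsf{g}(\mathsf{c})) & & \mathsf{mark}(\mathsf{c}) &\to& \mathsf{active}(\mathsf{c}) \\
\mathsf{active}(x) &\to& x & & \mathsf{mark}(\mathsf{d}) &\to& \mathsf{active}(\mathsf{d})
\end{array}$$

which is terminating! 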



Moreover, while the techniques of Lucas and Zantema fail for the Sieve of 
Eratosthenes example from the introduction, our transformation generates a 
terminating TRS. In fact, we do not know of any example where the method of 
Lucas or Zantema works but our method fails. (In particular, our transformation 
succeeds for all terminating CSRSs presented in This strongly suggests 

that our proposal is more powerful than the previous two approaches. For the 
transformation of Lucas this can indeed be proved. 

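Theorem 2. Let $(\mathcal{R}, \mu)$ be a CSRS over a signature $\mathcal{F}$. If $\mathcal{R}^L_\mu$ is terminating 
then $\mathcal{R}^1_\mu$ is terminating. 

Proof. We prove termination of $\mathcal{R}^1_\mu$ using the dependency pair approach of Arts 
and Giesl. The dependency pairs of $\mathcal{R}^1_\mu$ are 

$$\begin{array}{lll}
(\mathsf{ACTIVE}(l),\ \mathsf{MARK}(r)) & \text{for all } l \to r \text{ in } \mathcal{R} & \text{(i)} \\
(\mathsf{MARK}(f(x_1, \ldots, x_n)),\ \mathsf{ACTIVE}(f([x_1]_f, \ldots, [x_n]_f))) & \text{for all } f \in \mathcal{F} & \text{(ii)} \\
(\mathsf{MARK}(f(x_1, \ldots, x_n)),\ \mathsf{MARK}(x_i)) & \text{for } f \in \mathcal{F},\ i \in \mu(f) & \text{(iii)}
\end{array}$$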

To prove termination of 7?.^ we have to find a weakly monotonic quasi-order ^ 
and a well-founded order which is compatible with ^ (i.e., > ^ such 

that both and ^ are closed under substitution. Then it is sufficient if the 
following constraints are satisfied. Dependency pairs of kind (i) and (iii) should 
be strictly decreasing and for dependency pairs of kind (ii) it is enough if they 
are weakly decreasing. Moreover, all rules of TZ^^ should be weakly decreasing. 
Thus, we only have to demand 

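$$\begin{array}{rcll}
\mathsf{ACTIVE}(l) &\succ& \mathsf{MARK}(r) & \text{for all } l \to r \text{ in } \mathcal{R} \\
\mathsf{MARK}(f(x_1, \ldots, x_n)) &\succsim& \mathsf{ACTIVE}(f([x_1]_f, \ldots, [x_n]_f)) & \text{for all } f \in \mathcal{F} \\
\mathsf{MARK}(f(x_1, \ldots, x_n)) &\succ& \mathsf{MARK}(x_i) & \text{for all } f \in \mathcal{F},\ i \in \mu(f) \\
\mathsf{active}(l) &\succsim& \mathsf{mark}(r) & \text{for all } l \to r \text{ in } \mathcal{R} \\
\mathsf{mark}(f(x_1, \ldots, x_n)) &\succsim& \mathsf{active}(f([x_1]_f, \ldots, [x_n]_f)) & \text{for all } f \in \mathcal{F} \\
\mathsf{active}(x) &\succsim& x
\end{array}$$

Let $A$ be the (confluent and terminating) TRS consisting of the rewrite rules 

$$\begin{array}{rcl}
\mathsf{ACTIVE}(x) &\to& x \\
\mathsf{MARK}(x) &\to& x \\
\mathsf{active}(x) &\to& x \\
\mathsf{mark}(x) &\to& x \\
f(x_1, \ldots, x_n) &\to& f_\mu(x_{i_1}, \ldots, x_{i_k})
\end{array}$$

for all $f \in \mathcal{F}$ where $\mu(f) = \{i_1, \ldots, i_k\}$ with $i_1 < \cdots < i_k$. Define $s \succ t$ if 
and only if $s{\downarrow_A} \; (\to_{\mathcal{R}^L_\mu} \cup \rhd)^+ \; t{\downarrow_A}$. Here $\rhd$ denotes the proper subterm relation. 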

M 

^ This can be proved using the dependency pair approach (Q): Since the pair 
(ACTIVE(h(d)), MARK(g(c))) can occur at most once in any chain of dependency 
pairs, it follows that there are no infinite chains and hence the TRS is terminating. 
Moreover, let $s \succsim t$ hold if and only if $s{\downarrow_A} \to^*_{\mathcal{R}^L_\mu} t{\downarrow_A}$. One easily verifies that 
$\succsim$ and $\succ$ satisfy the above demands ($\succ$ is well founded by the termination of $\mathcal{R}^L_\mu$). 
Hence, due to the soundness of the dependency pair approach, the termination 
of $\mathcal{R}^1_\mu$ is established. □ 

This theorem can also be proved using the self -labelling technique of |3- 



4 A Sound and Complete Transformation 

In this section we present a transformation of context-sensitive rewrite systems 
which is not only sound but also complete with respect to termination. To ap- 
preciate the non-triviality of this result, the reader may want to try to construct 
a sound and complete transformation (together with a proof of completeness) 
before reading any further. 

Let us first investigate why the transformation of Sect. 3 lacks completeness. 
Consider again the CSRS $(\mathcal{R}, \mu)$ of Example 1. The reason for the 
non-termination of $\mathcal{R}^1_\mu$ is that terms may have occurrences of $\mathsf{active}$ at forbidden 
positions, even if we start with a “proper” term (like $\mathsf{mark}(\mathsf{f}(\mathsf{b}, \mathsf{c}, \mathsf{d}))$). The 
“forbidden” occurrences of $\mathsf{active}$ in the first two arguments of $\mathsf{f}$ (in the term 
$\mathsf{mark}(\mathsf{f}(\mathsf{active}(\mathsf{d}), \mathsf{active}(\mathsf{d}), \mathsf{active}(\mathsf{d})))$) lead to contractions which are impossible 
in the underlying CSRS. Thus, the key to achieving a complete transformation 
is to control the number of occurrences of $\mathsf{active}$. We do this in a rather drastic 
manner: we will work with a single occurrence of $\mathsf{active}$. Of course, we cannot 
forbid the existence of terms with multiple occurrences of $\mathsf{active}$ but we can 
make sure that no new $\mathsf{active}$ symbols are introduced during the contraction of 
an active redex. 

Working with a single active occurrence entails that we have to shift it in a 
non-deterministic fashion downwards to any active position. This is achieved by 
the rules 



$$\mathsf{active}(f(x_1, \ldots, x_i, \ldots, x_n)) \to f'(x_1, \ldots, \mathsf{active}(x_i), \ldots, x_n)$$

for every $i \in \mu(f)$. When shifting the $\mathsf{active}$ symbol to an argument of $f$, the 
original function symbol $f$ is replaced by a new function symbol $f'$. This is to 
ensure that no reductions can take place above the current position of $\mathsf{active}$. By 
this shifting of the symbol $\mathsf{active}$, our TRS implements an algorithm to search 
for redexes subject to the constraints of the replacement map $\mu$. Once we have 
shifted $\mathsf{active}$ to the position of the desired redex, we can apply one of the rules 

$$\mathsf{active}(l) \to \mathsf{mark}(r)$$

as in the previous transformation. The function symbol $\mathsf{mark}$ is used to mark 
the contractum of the selected redex. In order to continue the reduction it has 
to be replaced by $\mathsf{active}$ again. Since the next reduction step may of course take 
place at a position above the previously contracted redex, we first have to shift 
$\mathsf{mark}$ upwards through the term, i.e., we use rules of the form 

$$f'(x_1, \ldots, \mathsf{mark}(x_i), \ldots, x_n) \to \mathsf{mark}(f(x_1, \ldots, x_i, \ldots, x_n))$$

for every $i \in \mu(f)$. We want to replace $\mathsf{mark}$ by $\mathsf{active}$ if there are no $f'$ symbols 
left above it. Since the absence of $f'$ symbols cannot be determined, we introduce 
a new unary function symbol $\mathsf{top}$ to mark the position below which reductions 
may take place. Thus, the reduction of a term $s$ with respect to a CSRS is 
modelled by the reduction of the term $\mathsf{top}(\mathsf{active}(s))$ in the transformed TRS. 
If $\mathsf{top}(\mathsf{active}(s))$ is reduced to a term $\mathsf{top}(\mathsf{mark}(t))$, we are ready to replace $\mathsf{mark}$ 
by $\mathsf{active}$. This suggests adding the rule 

$$\mathsf{top}(\mathsf{mark}(x)) \to \mathsf{top}(\mathsf{active}(x)).$$

However, as illustrated with the counterexample in Sect. 3 we have to avoid 
making infinite reductions with terms which contain inner occurrences of new 
symbols like $\mathsf{active}$ and $\mathsf{mark}$. For that reason we want to make sure that this rule 
is only applicable to terms that do not contain any other occurrences of the new 
function symbols. Thus, before reducing $\mathsf{top}(\mathsf{mark}(t))$ to $\mathsf{top}(\mathsf{active}(t))$ we check 
whether the term $t$ is proper, i.e., whether it contains only function symbols from 
the original signature $\mathcal{F}$. This is easily achieved by new unary function symbols 
$\mathsf{proper}$ and $\mathsf{ok}$. For any ground term $t \in \mathcal{T}(\mathcal{F})$, $\mathsf{proper}(t)$ reduces to $\mathsf{ok}(t)$, but if 
$t$ contains one of the newly introduced function symbols then the reduction of 
$\mathsf{proper}(t)$ is blocked. This is done by the rules 

$$\mathsf{proper}(c) \to \mathsf{ok}(c)$$

for every constant $c \in \mathcal{F}$ and 

$$\begin{array}{rcl}
\mathsf{proper}(f(x_1, \ldots, x_n)) &\to& f(\mathsf{proper}(x_1), \ldots, \mathsf{proper}(x_n)) \\
f(\mathsf{ok}(x_1), \ldots, \mathsf{ok}(x_n)) &\to& \mathsf{ok}(f(x_1, \ldots, x_n))
\end{array}$$

for every function symbol $f \in \mathcal{F}$ of arity $n > 0$. Now, instead of the rule 
$\mathsf{top}(\mathsf{mark}(x)) \to \mathsf{top}(\mathsf{active}(x))$ we adopt the rules 

$$\begin{array}{rcl}
\mathsf{top}(\mathsf{mark}(x)) &\to& \mathsf{top}(\mathsf{proper}(x)) \\
\mathsf{top}(\mathsf{ok}(x)) &\to& \mathsf{top}(\mathsf{active}(x)).
\end{array}$$

This concludes our informal explanation of the new transformation, whose formal 
definition is summarized below. 

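Definition 2. Let $(\mathcal{R}, \mu)$ be a CSRS over a signature $\mathcal{F}$. The TRS $\mathcal{R}^2_\mu$ over the 
signature $\mathcal{F}' = \mathcal{F} \cup \{\mathsf{active}, \mathsf{mark}, \mathsf{top}, \mathsf{proper}, \mathsf{ok}\} \cup \{f' \mid f \in \mathcal{F} \text{ is not a constant}\}$ 
consists of the following rewrite rules (for all $l \to r \in \mathcal{R}$, $f \in \mathcal{F}$ of arity $n > 0$, 
$i \in \mu(f)$, and constants $c \in \mathcal{F}$): 

$$\begin{array}{rcl}
\mathsf{active}(l) &\to& \mathsf{mark}(r) \\
\mathsf{active}(f(x_1, \ldots, x_i, \ldots, x_n)) &\to& f'(x_1, \ldots, \mathsf{active}(x_i), \ldots, x_n) \\
f'(x_1, \ldots, \mathsf{mark}(x_i), \ldots, x_n) &\to& \mathsf{mark}(f(x_1, \ldots, x_i, \ldots, x_n)) \\
\mathsf{proper}(c) &\to& \mathsf{ok}(c) \\
\mathsf{proper}(f(x_1, \ldots, x_n)) &\to& f(\mathsf{proper}(x_1), \ldots, \mathsf{proper}(x_n)) \\
f(\mathsf{ok}(x_1), \ldots, \mathsf{ok}(x_n)) &\to& \mathsf{ok}(f(x_1, \ldots, x_n)) \\
\mathsf{top}(\mathsf{mark}(x)) &\to& \mathsf{top}(\mathsf{proper}(x)) \\
\mathsf{top}(\mathsf{ok}(x)) &\to& \mathsf{top}(\mathsf{active}(x))
\end{array}$$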
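
The following Python code is an added example, not code from the paper: it implements rewriting under a replacement map (Section 2) and the transformations of Definitions 1 and 2, then checks the normal form $0 : \mathsf{from}(\mathsf{s}(0))$ and the claims of Example 1 by exploring the terms reachable from one start term. The tuple encoding of terms and all function and variable names are assumptions of this example.

```python
# Terms: a variable is a str; an application is a tuple (symbol, arg_1, ...),
# so the constant b is ('b',). Only ground terms are rewritten.
def match(pat, term, sub):
    """Extend `sub` so that pat under sub equals term; None if impossible."""
    if isinstance(pat, str):
        return sub if sub.setdefault(pat, term) == term else None
    if pat[0] != term[0] or len(pat) != len(term):
        return None
    for p, t in zip(pat[1:], term[1:]):
        if match(p, t, sub) is None:
            return None
    return sub

def subst(term, sub):
    if isinstance(term, str):
        return sub[term]
    return (term[0],) + tuple(subst(a, sub) for a in term[1:])

def steps(term, rules, mu=None):
    """One-step reducts of a ground term. With a replacement map `mu` only
    arguments i in mu[f] are entered, so only active redexes are contracted."""
    out = [subst(r, s) for l, r in rules for s in [match(l, term, {})] if s is not None]
    for i in range(1, len(term)):
        if mu is None or i in mu[term[0]]:
            out += [term[:i] + (u,) + term[i + 1:] for u in steps(term[i], rules, mu)]
    return out

def reachable(start, rules, mu=None, max_depth=None):
    """Terms reachable from `start` in 1..max_depth steps (breadth-first).
    With max_depth=None this returns only if the reachable set is finite."""
    seen, frontier, depth = set(), {start}, 0
    while frontier and (max_depth is None or depth < max_depth):
        frontier = {u for t in frontier for u in steps(t, rules, mu)} - seen
        seen |= frontier
        depth += 1
    return seen

def terminating_from(start, rules, mu=None):
    """True iff no infinite reduction starts at `start`. Needs a finite
    reachable set, in which an infinite reduction must revisit a term."""
    terms = reachable(start, rules, mu) | {start}
    return all(t not in reachable(t, rules, mu) for t in terms)

def transform1(rules, mu, arity):
    """Definition 1: active(l) -> mark(r), the mark rules, active(x) -> x."""
    out = [(('active', l), ('mark', r)) for l, r in rules]
    for f, n in arity.items():
        xs = tuple('x%d' % i for i in range(1, n + 1))
        args = tuple(('mark', x) if i in mu[f] else x for i, x in enumerate(xs, 1))
        out.append((('mark', (f,) + xs), ('active', (f,) + args)))
    return out + [(('active', 'x'), 'x')]

def transform2(rules, mu, arity):
    """Definition 2: a single active/mark token moves below f' symbols, and
    top restarts a step only after proper/ok has checked the whole term."""
    out = [(('active', l), ('mark', r)) for l, r in rules]
    for f, n in arity.items():
        xs = tuple('x%d' % i for i in range(1, n + 1))
        if n == 0:
            out.append((('proper', (f,)), ('ok', (f,))))
            continue
        for i in sorted(mu[f]):
            act = xs[:i - 1] + (('active', xs[i - 1]),) + xs[i:]
            mrk = xs[:i - 1] + (('mark', xs[i - 1]),) + xs[i:]
            out.append((('active', (f,) + xs), (f + "'",) + act))
            out.append(((f + "'",) + mrk, ('mark', (f,) + xs)))
        out.append((('proper', (f,) + xs), (f,) + tuple(('proper', x) for x in xs)))
        out.append(((f,) + tuple(('ok', x) for x in xs), ('ok', (f,) + xs)))
    return out + [(('top', ('mark', 'x')), ('top', ('proper', 'x'))),
                  (('top', ('ok', 'x')), ('top', ('active', 'x')))]

# Section 2: 0 : from(s(0)) with mu(:) = mu(from) = mu(s) = {1}.
FROM = [(('from', 'x'), (':', 'x', ('from', ('s', 'x'))))]
MU_LIST = {':': {1}, 'from': {1}, 's': {1}}
LAZY = (':', ('0',), ('from', ('s', ('0',))))

# Example 1: f(b,c,x) -> f(x,x,x), d -> b, d -> c with mu(f) = {3}.
B, C, D = ('b',), ('c',), ('d',)
F = lambda *args: ('f',) + args
A, M = (lambda t: ('active', t)), (lambda t: ('mark', t))
R = [(F(B, C, 'x'), F('x', 'x', 'x')), (D, B), (D, C)]
MU, ARITY = {'f': {3}}, {'f': 3, 'b': 0, 'c': 0, 'd': 0}
# The cyclic reduction displayed in Example 1; each hop is at most 3 steps.
CYCLE = [M(F(B, C, D)), A(F(B, C, M(D))), A(F(B, C, A(D))),
         M(F(A(D), A(D), A(D))), M(F(M(B), M(C), D)),
         M(F(A(B), A(C), D)), M(F(B, C, D))]

def example1_report():
    r1, r2 = transform1(R, MU, ARITY), transform2(R, MU, ARITY)
    start = F(B, C, D)
    return {'trs': terminating_from(start, R),
            'csrs': terminating_from(start, R, MU),
            'r1_cycle': all(t in reachable(s, r1, max_depth=3)
                            for s, t in zip(CYCLE, CYCLE[1:])),
            'r2': terminating_from(('top', A(start)), r2)}

if __name__ == '__main__':
    print(example1_report())
```

The report only covers reductions starting from $\mathsf{f}(\mathsf{b}, \mathsf{c}, \mathsf{d})$ and its wrapped forms; it illustrates Theorems 1 and 4 on this instance and does not replace their proofs.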
In the remainder of this section we show that our second transformation is 
both sound and complete. We start with a preliminary lemma, which states that 
$\mathsf{proper}$ has indeed the desired effect. 

Lemma 2. Let $(\mathcal{R}, \mu)$ be a CSRS over a signature $\mathcal{F}$. Let $s, t \in \mathcal{T}(\mathcal{F}')$. We have 
$\mathsf{proper}(s) \to^+_{\mathcal{R}^2_\mu} \mathsf{ok}(t)$ if and only if $s = t$ and $s \in \mathcal{T}(\mathcal{F})$. 

Proof. The “if” direction is an easy induction proof on the structure of $s$. The 
“only if” direction can be proved by induction on the number of symbols in $s$. 

If the root of $s$ is a function symbol $g \in \mathcal{F}' \setminus (\mathcal{F} \cup \{\mathsf{proper}\})$ then $\mathsf{proper}(s)$ 
cannot be rewritten at the root. Thus, any one-step reduction of $\mathsf{proper}(s)$ would 
yield a term of the form $\mathsf{proper}(s')$ where $s \to_{\mathcal{R}^2_\mu} s'$. If $g \in \{\mathsf{active}, \mathsf{mark}\} \cup \{f' \mid 
f \in \mathcal{F} \text{ is not a constant}\}$ then the root symbol of $s'$ must also be from that set. 
Similarly, if $g$ is $\mathsf{ok}$ or $\mathsf{top}$, then the root symbol of $s'$ is $g$ as well. This implies 
that no reduct of $\mathsf{proper}(s)$ can be reduced at the root position either. Hence 
$\mathsf{proper}(s) \to^+_{\mathcal{R}^2_\mu} \mathsf{ok}(t)$ cannot hold and the claim holds vacuously. 

In the remaining case the root symbol of $s$ is from $\mathcal{F} \cup \{\mathsf{proper}\}$. Thus, $s$ has 
the form $\mathsf{proper}^m(u)$ for some $m \ge 0$ where the root of $u$ is different from $\mathsf{proper}$. 
In order to reduce $\mathsf{proper}(s)$ at the root, we first have to reduce $s = \mathsf{proper}^m(u)$ 
to a term with a root symbol from $\mathcal{F}$. Similar to the observations above, the 
root symbol of $u$ cannot be from $\mathcal{F}' \setminus \mathcal{F}$. If $u$ is a constant from $\mathcal{F}$ then the only 
applicable rule is $\mathsf{proper}(u) \to \mathsf{ok}(u)$. Thus, $\mathsf{proper}(s) = \mathsf{proper}^{m+1}(u)$ is reduced 
to the normal form $\mathsf{proper}^m(\mathsf{ok}(u))$. So in this case $\mathsf{proper}(s)$ can only rewrite to 
a term of the form $\mathsf{ok}(t)$ if $m = 0$ and thus the claim of the lemma holds trivially. 

Otherwise, $u = f(u_1, \ldots, u_n)$ with $f \in \mathcal{F}$ of arity $n > 0$. The reduction from 
$\mathsf{proper}(s)$ to $\mathsf{ok}(t)$ must start as follows: 

proper(s) = proper(proper'"(/(ui, . . . , u„))) 

^^2 proper(proper™(/(u{, . . . , <))) 

^.^2 proper(proper'""i(/(proper(u{), . . . , proper(u'J))) 




^^2 proper(/«,...,u")) 

/(proper«), . . . , proper(u")) 

where $\mathsf{proper}^m(u_i) \to^*_{\mathcal{R}^2_\mu} u''_i$ for all $1 \le i \le n$. (Note that the root symbol 
$f$ of $u$ must not be rewritten to $\mathsf{ok}$, for otherwise no reduction step at the 
root can take place.) To reduce $f(\mathsf{proper}(u''_1), \ldots, \mathsf{proper}(u''_n))$ to a term of the 
form $\mathsf{ok}(t)$, every argument $\mathsf{proper}(u''_i)$ must be reduced to a term of the form 
$\mathsf{ok}(t_i)$ and then $f(\mathsf{ok}(t_1), \ldots, \mathsf{ok}(t_n))$ can be reduced to $\mathsf{ok}(f(t_1, \ldots, t_n))$. But if 
$\mathsf{proper}(u''_i) \to^+_{\mathcal{R}^2_\mu} \mathsf{ok}(t_i)$ then we also have $\mathsf{proper}(\mathsf{proper}^m(u_i)) \to^+_{\mathcal{R}^2_\mu} \mathsf{ok}(t_i)$. The 
induction hypothesis yields $\mathsf{proper}^m(u_i) = t_i$ and $\mathsf{proper}^m(u_i) \in \mathcal{T}(\mathcal{F})$ for all 
$1 \le i \le n$. So in this case we have $m = 0$ as well, i.e., $s$ cannot contain any 
occurrence of $\mathsf{proper}$. Consequently, $\mathsf{ok}(f(t_1, \ldots, t_n))$ is in normal form and hence 

$$s = u = f(u_1, \ldots, u_n) = f(t_1, \ldots, t_n) = t \in \mathcal{T}(\mathcal{F}).$$ □ 
The next lemma shows how context-sensitive reduction steps are simulated 
by the second transformation. The “if” part is used in the completeness proof. 

Lemma 3. Let $(\mathcal{R}, \mu)$ be a CSRS over a signature $\mathcal{F}$ and let $s \in \mathcal{T}(\mathcal{F})$. We 
have $s \to_{\mathcal{R},\mu} t$ if and only if $\mathsf{active}(s) \to^+_{\mathcal{R}^2_\mu} \mathsf{mark}(t)$. 

Proof. The “only if” direction is easily proved by induction on the depth of the 
position of the redex contracted in $s \to_{\mathcal{R},\mu} t$. We prove here the “if” direction 
by induction on $s$. There are two possibilities for the rewrite rule of $\mathcal{R}^2_\mu$ that is 
applied in the first step of the reduction from $\mathsf{active}(s)$ to $\mathsf{mark}(t)$. If a rule of 
the form $\mathsf{active}(l) \to \mathsf{mark}(r)$ is used, then $s = l\sigma$ for some substitution $\sigma$. Since 
$r\sigma$ contains only symbols from $\mathcal{F}$, $\mathsf{mark}(r\sigma)$ is in normal form and thus $t = r\sigma$. 
Clearly $s \to_{\mathcal{R},\mu} t$. 

Otherwise, $s$ must have the form $f(s_1, \ldots, s_i, \ldots, s_n)$ and in the first reduction 
step $\mathsf{active}(s)$ is reduced to $f'(s_1, \ldots, \mathsf{active}(s_i), \ldots, s_n)$ for some $i \in \mu(f)$. 
Note that all reductions of the latter term to a term of the form $\mathsf{mark}(t)$ have 
the form 

$$\begin{array}{rcl}
f'(s_1, \ldots, \mathsf{active}(s_i), \ldots, s_n) &\to^+_{\mathcal{R}^2_\mu}& f'(s_1, \ldots, \mathsf{mark}(t_i), \ldots, s_n) \\
&\to_{\mathcal{R}^2_\mu}& \mathsf{mark}(f(s_1, \ldots, t_i, \ldots, s_n)).
\end{array}$$

Hence $t = f(s_1, \ldots, t_i, \ldots, s_n)$. The induction hypothesis yields $s_i \to_{\mathcal{R},\mu} t_i$ and 
as $i \in \mu(f)$ we also have $s \to_{\mathcal{R},\mu} t$. □ 

Soundness of our second transformation is now easily shown. 

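Theorem 3. Let $(\mathcal{R}, \mu)$ be a CSRS over a signature $\mathcal{F}$. If $\mathcal{R}^2_\mu$ is terminating
then $(\mathcal{R}, \mu)$ is terminating.

Proof. If $(\mathcal{R}, \mu)$ is not terminating then there exists an infinite reduction of
ground terms in $\mathcal{T}(\mathcal{F})$. Note that $s \to_{\mathcal{R},\mu} t$ implies $\mathrm{active}(s) \to^+_{\mathcal{R}^2_\mu} \mathrm{mark}(t)$ by
Lemma 3. Hence it also implies

$$\mathrm{top}(\mathrm{active}(s)) \;\to^+_{\mathcal{R}^2_\mu}\; \mathrm{top}(\mathrm{mark}(t)) \;\to_{\mathcal{R}^2_\mu}\; \mathrm{top}(\mathrm{proper}(t)).$$

Moreover, by LemmaH we have $\mathrm{proper}(t) \to^+_{\mathcal{R}^2_\mu} \mathrm{ok}(t)$ and thus

$$\mathrm{top}(\mathrm{proper}(t)) \;\to^+_{\mathcal{R}^2_\mu}\; \mathrm{top}(\mathrm{ok}(t)) \;\to_{\mathcal{R}^2_\mu}\; \mathrm{top}(\mathrm{active}(t)).$$

Concatenating these two reductions shows that $\mathrm{top}(\mathrm{active}(s)) \to^+_{\mathcal{R}^2_\mu} \mathrm{top}(\mathrm{active}(t))$
whenever $s \to_{\mathcal{R},\mu} t$. Hence any infinite reduction of ground terms in $(\mathcal{R}, \mu)$ is
transformed into an infinite reduction in $\mathcal{R}^2_\mu$. □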

To prove that the converse of Theorem 3 holds as well, we define $\mathcal{S}_\mu$ as the
TRS $\mathcal{R}^2_\mu$ without the two rewrite rules for top. The following lemma states that
we do not have to worry about $\mathcal{S}_\mu$.

Lemma 4. The TRS $\mathcal{S}_\mu$ is terminating for any CSRS $(\mathcal{R}, \mu)$.

Proof. Let $\mathcal{F}$ be the signature of $(\mathcal{R}, \mu)$. The rewrite rules of $\mathcal{S}_\mu$ are oriented
from left to right by $\succ_{rpo}$, the recursive path order Q induced by the following
precedence on $\mathcal{F}'$:

$$\mathrm{active} \succ f' \succ \mathrm{mark} \succ \mathrm{proper} \succ f \succ c \succ \mathrm{ok}$$

for every non-constant $f \in \mathcal{F}$ and every constant $c \in \mathcal{F}$. Since $\succ_{rpo}$ is well-founded,
it follows that $\mathcal{S}_\mu$ is terminating. □

Now we are ready to present the main theorem of the paper. 

Theorem 4. Let $(\mathcal{R}, \mu)$ be a CSRS over a signature $\mathcal{F}$. If $(\mathcal{R}, \mu)$ is terminating
then $\mathcal{R}^2_\mu$ is terminating.

Proof. First note that the precedence used in the proof of Lemma 4 cannot be
extended to deal with the whole of $\mathcal{R}^2_\mu$ as the second rewrite rule for top requires
$\mathrm{ok} \succ \mathrm{active}$. Since $\mathcal{R}^2_\mu$ lacks collapsing rules, it is sufficient to prove termination
of any typed version of $\mathcal{R}^2_\mu$, cf. Thus we may assume that the function
symbols of $\mathcal{R}^2_\mu$ come from a many-sorted signature, where the only restriction
is that the left and right-hand side of any rewrite rule are well-typed and of the
same type. We use two sorts $\alpha$ and $\beta$, with top of type $\alpha \to \beta$ and all other
symbols of type $\alpha \times \dots \times \alpha \to \alpha$. So if $\mathcal{R}^2_\mu$ allows an infinite reduction then
there exists an infinite reduction of well-typed terms. Since both types contain
a ground term, we may assume for a proof by contradiction that there exists an
infinite reduction starting from a well-typed ground term $t$. Terms of type $\alpha$ are
terminating by Lemma 4 since they cannot contain the symbol top and thus the
only applicable rules stem from $\mathcal{S}_\mu$. So $t$ is a ground term of type $\beta$, which implies
that $t = \mathrm{top}(t')$ with $t'$ of type $\alpha$. Since $t'$ is terminating, the infinite reduction
starting from $t$ must contain a root reduction step. So $t'$ reduces to mark($t_1$) or
ok($t_1$) for some term $t_1$ (of type $\alpha$). We consider the former possibility, the latter
possibility is treated in a very similar way. The infinite reduction starts with

7 ^^2 top(mark(7i)) — top(proper(7i)). 

Since proper($t_1$) is of type $\alpha$ and thus terminating, after some further reduction
steps another step takes place at the root. This is only possible if proper($t_1$)
reduces to ok($t_2$) for some term $t_2$. According to Lemma 2 we must have
$t_1 = t_2 \in \mathcal{T}(\mathcal{F})$. Hence the presupposed infinite reduction continues as follows:

$$\mathrm{top}(\mathrm{proper}(t_1)) \;\to^+_{\mathcal{R}^2_\mu}\; \mathrm{top}(\mathrm{ok}(t_1)) \;\to_{\mathcal{R}^2_\mu}\; \mathrm{top}(\mathrm{active}(t_1)).$$

Repeating this kind of reasoning reveals that the infinite reduction must be of
the following form, where all root reduction steps between top(proper($t_1$)) and
top(mark($t_3$)) are made explicit:

7^12 top(proper(7i)) ^+2 top(ok(7i)) ^ 7^2 top(active(7i)) ^+2 top(mark( 72 )) 

'^yi M '^yi 

^ 75,2 top(proper( 72 )) ^^2 top(ok( 72 )) ^ 7^2 top(active( 72 )) ^^2 top(mark( 73 )) 
Hence $\mathrm{active}(t_i) \to^+_{\mathcal{R}^2_\mu} \mathrm{mark}(t_{i+1})$ and $t_i \in \mathcal{T}(\mathcal{F})$ for all $i \ge 1$. We obtain

$$t_1 \to_{\mathcal{R},\mu} t_2 \to_{\mathcal{R},\mu} t_3 \to_{\mathcal{R},\mu} \cdots$$

from Lemma 3, contradicting the termination of $(\mathcal{R}, \mu)$. □



5 Conclusion and Further Work 



In this paper we presented two new transformations from CSRSs to TRSs whose 
purpose is to reduce the problem of proving termination of CSRSs to the prob- 
lem of proving termination of TRSs. The advantage of such an approach is that 
all termination techniques for ordinary term rewriting (including future develop- 
ments) become available for context-sensitive rewriting as well. So in particular, 
these techniques can now also be used to analyze the termination behaviour of 
lazy functional programs which may be modelled by CSRSs. Our first trans- 
formation is simple, sound, and appears to be more powerful than previously 
suggested transformations. Our second transformation is not only sound but 
also complete, so it transforms every terminating CSRS into a terminating TRS. 

Our transformations also form a basis for automated termination proofs of 
CSRSs. Of course, a direct termination proof of $\mathcal{R}^2_\mu$ cannot be obtained by a path
order amenable to automation and even a powerful method like the dependency 
pair approach often will not succeed in finding a fully automated termination 
proof. To a lesser extent this is already true for our first transformation. However, 
our transformations are suitable for changes in their presentation which do not 
result in any significant change in their behaviour, but which ease the termination 
proofs of the resulting TRSs considerably. 

For instance, for the first transformation an obvious idea is to normalize the
right-hand sides of the active($l$) $\to$ mark($r$) rules with respect to the subsystem
$\mathcal{M}$. Another natural idea is to replace the single symbol active by fresh symbols
$f_{\mathrm{active}}$ for every $f \in \mathcal{F}$. This amounts to replacing every occurrence of the pattern
active($f(\cdots)$) in the rewrite rules by $f_{\mathrm{active}}(\cdots)$ as well as expanding the rule
active($x$) $\to x$ into all rules of the form $f_{\mathrm{active}}(x_1, \dots, x_n) \to f(x_1, \dots, x_n)$. If we
apply both ideas to the TRS of Example we obtain the TRS

$g_{\mathrm{active}}(x) \to h_{\mathrm{active}}(x)$      $\mathrm{mark}(g(x)) \to g_{\mathrm{active}}(x)$      $g_{\mathrm{active}}(x) \to g(x)$
$c_{\mathrm{active}} \to d_{\mathrm{active}}$            $\mathrm{mark}(h(x)) \to h_{\mathrm{active}}(x)$      $h_{\mathrm{active}}(x) \to h(x)$
$h_{\mathrm{active}}(d) \to g_{\mathrm{active}}(c)$      $\mathrm{mark}(c) \to c_{\mathrm{active}}$            $c_{\mathrm{active}} \to c$
                                         $\mathrm{mark}(d) \to d_{\mathrm{active}}$            $d_{\mathrm{active}} \to d$

which is compatible with for the precedence $\mathrm{mark} \succ c_{\mathrm{active}} \succ d_{\mathrm{active}} \succ d \succ
c \succ g_{\mathrm{active}} \succ g \succ h_{\mathrm{active}} \succ h$.

Refinements like those mentioned above should be studied further. Termina- 
tion of the TRS resulting from our first (incomplete) transformation is sometimes 
easier to prove than termination of the TRS resulting from our second (complete) 
one. Thus, we conclude by stating that while our second transformation is su- 
perior to all previous incomplete ones, at present our incomplete transformation 
of Sect. 5 as well as the ones of Lucas and Zantema may still be useful
for the purpose of automation. In addition, the latter paper contains a complete 
semantic characterization of context-sensitive rewriting which can be used in a 
direct termination proof attempt. 
Abstract. Context-sensitive rewriting was introduced in Q and consists
of syntactical restrictions imposed on a Term Rewriting System indicat- 
ing how reductions can be performed. So context-sensitive rewriting is 
a restriction of the usual rewrite relation which reduces the reduction 
space and allows for a finer control of the reductions of a term. In this 
paper we extend the concept of context-sensitive rewriting to the frame- 
work rewriting modulo an associative-commutative theory in two ways: 
by restricting reductions and restricting AC-steps, and we then study 
this new relation with respect to the property of termination. 



1 Introduction 

The concept of context-sensitive rewriting was introduced by Lucas Q and con- 
sists of syntactical restrictions imposed on a Term Rewriting System (TRS) 
indicating how reductions can be performed; this is achieved by associating to 
each function symbol a set of positions, namely the positions where reductions 
can be performed. So context-sensitive rewriting is a restriction of the usual 
rewrite relation which reduces the reduction space and allows for a finer control 
of the reductions of a term. 

Context-sensitive rewriting is also related to lazy evaluation strategies in 
functional programming: the same mechanism used for indicating where reduc- 
tions can (and cannot) take place can also be used for indicating which reductions 
are not needed. As an example consider the definition of the if-then-else Q: 

if-then-else(true, t, e) → t        if-then-else(false, t, e) → e

where we only want to eventually evaluate the “then” or “else” -branch once we 
know what the result of evaluating the condition is. This restriction can be 
achieved in context-sensitive rewriting by stating that we are only allowed to 
evaluate the first argument of terms headed by the symbol if-then-else. Then 
when reducing any term of the form if-then-else(c, t, e), unwanted reductions 
can be avoided. 

Of the properties of TRS’s, confluence and termination are two of the most 
relevant, ensuring that a computation always yields the same result and that 
that result exists, respectively. Context-sensitive rewriting has been studied with 
respect to termination in and with respect to confluence in for a 

thorough account on this topic see However, many interesting and useful 

P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 2S6-^^| 1999.

© Springer-Verlag Berlin Heidelberg 1999

systems have operators which are associative and commutative (AC), and if one
wants to fully capture the functionality of such operators, rewriting has to be 
replaced by AC-rewriting, i. e., rewriting modulo an associative-commutative 
theory. For example, if one wants to incorporate the “and” and “or” operators 
to the system describing the if-then-else, given that these are AC operators, one 
should now consider AC-rewriting. 

In this paper we extend the concept of context-sensitive rewriting to AC- 
rewriting by restricting both reduction steps and AC-steps and study the prop- 
erty of termination for this new rewrite relation following the approach of for 
termination of context-sensitive rewriting. As in the case of rewriting, context- 
sensitive AC-rewriting preserves AC-termination but goes further since there are 
systems which are context-sensitive AC-terminating but not AC-terminating. 
This makes context-sensitive (AC) rewriting particularly interesting for deal- 
ing with systems with infinite data structures since they are inherently non- 
terminating. 

The rest of the paper is organized as follows. In section 2 we review some
concepts relative to AC-rewriting and context-sensitive rewriting. In section 3 we
introduce the notion of context-sensitive AC-rewriting, context-sensitive
quasi-orders and interpretations and we show how to formulate termination of a
context-sensitive AC-relation in terms of these entities. In section 4 we present
a transformation which allows us to translate context-sensitive AC-termination to
AC-termination, and prove the soundness of this (not complete) transformation.
In section Q we present some examples and we conclude in section ^. Due to
space restrictions, most proofs are omitted (see 0 for full proofs).

2 Preliminaries 

We introduce some notation and give some basic notions over orders, TRS’s and 
AC-rewriting. For more information the reader is referred to 001 

A poset $(S, \succ)$ is a set $S$ together with a partial order $\succ$; we say that $\succ$ is
well-founded if there are no infinite sequences of the form $s_0 \succ s_1 \succ \cdots$.
Quasi-orders over a set $S$ are denoted, in general, by $\succsim$. Any quasi-order defines an
equivalence relation, namely $\succsim \cap \precsim$ (denoted by $\sim$), and a partial order, which we
consider to be denoted by $\succ$. Conversely, the union of a given partial order $\succ$
and equivalence $\sim$ is a quasi-order only if they satisfy $(\sim \circ \succ \circ \sim) = \succ$,
where $\circ$ represents relation composition; in this case we say that $\succ$ and $\sim$ are
compatible. A quasi-order $\succsim$ is well-founded if $\succ$ is.

$\mathcal{T}(\mathcal{F}, \mathcal{X})$ denotes the set of terms over $\mathcal{F}$, a non-empty (possibly infinite) set
of function symbols, and $\mathcal{X}$, a denumerable set of variables such that $\mathcal{F} \cap \mathcal{X} = \emptyset$.
For technical and practical reasons we assume that our set of terms is never
empty. For $t \in \mathcal{T}(\mathcal{F}, \mathcal{X})$, the set $var(t)$ contains the variables occurring in $t$. For
$f \in \mathcal{F}$, $ar(f)$ denotes the arity of $f$.

A TRS is a tuple $(\mathcal{F}, \mathcal{X}, R)$, with $R \subseteq \mathcal{T}(\mathcal{F}, \mathcal{X}) \times \mathcal{T}(\mathcal{F}, \mathcal{X})$. The elements
$(l, r)$ of $R$ are the rules of the TRS and are usually denoted by $l \to r$; we require
that they satisfy $l \notin \mathcal{X}$ and $var(r) \subseteq var(l)$. In the following, unless otherwise
specified, we identify the TRS with $R$, with $\mathcal{F}$ being the set of function symbols
occurring in $R$. A TRS $(\mathcal{F}, \mathcal{X}, R)$ induces a reduction relation on $\mathcal{T}(\mathcal{F}, \mathcal{X})$, denoted
by $\to_R$, as follows: $s \to_R t$ ($s$ reduces or rewrites to $t$) if and only if $s = C[l^\sigma]$
and $t = C[r^\sigma]$, for some linear context $C$, substitution $\sigma : \mathcal{X} \to \mathcal{T}(\mathcal{F}, \mathcal{X})$ and
rule $l \to r \in R$. The transitive closure of $\to_R$ is denoted by $\to_R^+$ and its
reflexive-transitive closure by $\to_R^*$. By $\to_R^n$, $n \in \mathbb{N}$, we denote the composition of $\to_R$
with itself $n$ times (if $n = 0$ then $\to_R^0$ is the identity). A rewrite sequence is a
sequence of reduction steps $t_0 \to_R t_1 \to_R \cdots$

A binary relation $O$ over $\mathcal{T}(\mathcal{F}, \mathcal{X})$ is: terminating if there are no infinite
sequences $s_0 \; O \; s_1 \; O \; s_2 \dots$; closed under substitutions if $s \; O \; t \Rightarrow s^\sigma \; O \; t^\sigma$, for any
substitution $\sigma : \mathcal{X} \to \mathcal{T}(\mathcal{F}, \mathcal{X})$; closed under contexts if $s \; O \; t \Rightarrow C[s] \; O \; C[t]$, for
any linear context $C$; a congruence if it is an equivalence relation closed under
contexts; subterm compatible, or having the subterm property if $C[s] \; O \; s$, for any
non-trivial context $C$.

A partial order $\succ$ (resp. quasi-order $\succsim$) on $\mathcal{T}(\mathcal{F}, \mathcal{X})$ is a rewrite order (resp.
rewrite quasi-order) if it is closed under contexts and substitutions (resp. both
$\succ$ and $\sim$ are closed under contexts and substitutions); a reduction (quasi-)order
is a well-founded rewrite (quasi-)order.

An equation (or axiom) over $\mathcal{T}(\mathcal{F}, \mathcal{X})$ is a pair of terms $(s, t)$; an equational
system over $\mathcal{T}(\mathcal{F}, \mathcal{X})$ is a set of equations. An important class of equational
systems are the permutative or length-preserving theories. This class comprises
the so-called AC-theories, where A stands for associativity and C for
commutativity. AC-theories contain only associative and commutative axioms which
have the respective forms $f(x, f(y, z)) = f(f(x, y), z)$ and $f(x, y) = f(y, x)$, for
binary function symbol $f$. Given a signature $\mathcal{F}$, we denote by $\mathcal{F}_{AC}$ the subset of
$\mathcal{F}$ containing the function symbols which are AC.

Any equational system $EQ$ generates a congruence on the set of terms; we
denote by $=_{EQ}$ the least congruence closed under substitutions containing $EQ$.
Without loss of generality, we assume that any equational system is symmetric,
i.e., if $(s, t) \in EQ$ then also $(t, s) \in EQ$; however for the sake of simplicity, when
expressing $EQ$ extensively we omit symmetric equations. With this assumption,
the equational theory generated by a set of equations becomes:

Definition 1. The equational theory generated by an equational system $EQ$ is
denoted by $=_{EQ}$ and is the least congruence on $\mathcal{T}(\mathcal{F}, \mathcal{X})$ containing $EQ$ and
closed under substitutions, i.e., $s =_{EQ} t$ iff either $s = t$, or $s = C[e_1^\sigma]$ and
$t = C[e_2^\sigma]$, for some equation $(e_1, e_2) \in EQ$, context $C$ and substitution $\sigma$, or
$s =_{EQ} u$ and $u =_{EQ} t$, for some term $u$.



Definition 2. An equational rewrite system $R/EQ$ consists of a TRS $R$ and an
equational system $EQ$, both defined over the same set of terms. Its associated
equational rewrite relation $\to_{R/EQ}$ is given by: $s \to_{R/EQ} t$ iff there are terms $u, v$
such that $s =_{EQ} u \to_R v =_{EQ} t$. We speak of equational rewriting or rewriting
modulo a set of equations.



^ A linear context is a context with a single occurrence of the trivial context □. 
A TRS is terminating if its rewrite relation $\to_R$ is terminating (i.e., there
are no infinite rewrite sequences). If $EQ$ is an equational system and $R$ a TRS,
we say that $R$ is E-terminating (or that $R/EQ$ is terminating) if the relation
$\to_{R/EQ}$ is terminating, i.e., if there are no infinite sequences of the form:
$s_0 =_{EQ} s_0' \to_R s_1 =_{EQ} s_1' \to_R s_2 =_{EQ} s_2' \to_R s_3 \dots$

An equational rewrite system $R/EQ$ is compatible with a quasi-order $\succsim \; = \; \succ \cup \sim$
(on $\mathcal{T}(\mathcal{F}, \mathcal{X})$) if $=_{EQ} \; \subseteq \; \sim$ and $\to_R \; \subseteq \; \succ$. We have that BD^3:

Theorem 1. A rewrite system is terminating if and only if it is compatible with 
a reduction order. An equational rewrite system is terminating if and only if it 
is compatible with a reduction quasi-order. 

Definition 3. B Given a signature $\mathcal{F}$, a replacement map for $\mathcal{F}$ is a function
$\mu : \mathcal{F} \to \mathcal{P}(\mathbb{N})$ such that $\mu(f) \subseteq \{1, \dots, ar(f)\}$, for any $f \in \mathcal{F}$.

The replacement function indicates which positions of a term may be reduced.
For example if $\mu(f) = \{1, 3\}$ then the term $f(t_1, t_2, t_3)$ may be reduced by
reducing $t_1$, or the whole term; reductions in $t_2$ are not allowed.

The replacement function is the basis for the definition of context-sensitive 
reduction. We take the definition given in instead of the original one: they 
are nevertheless equivalent 

Definition 4. Let $\mu$ be a replacement map, and let $R$ be a TRS. The
context-sensitive rewrite relation $\to_{R,\mu}$ over $\mathcal{T}(\mathcal{F}, \mathcal{X})$ is the least relation satisfying

- $l^\sigma \to_{R,\mu} r^\sigma$, for any rule $l \to r \in R$ and substitution $\sigma : \mathcal{X} \to \mathcal{T}(\mathcal{F}, \mathcal{X})$
- $f(t_1, \dots, t_{i-1}, t, t_{i+1}, \dots, t_n) \to_{R,\mu} f(t_1, \dots, t_{i-1}, u, t_{i+1}, \dots, t_n)$, if $t \to_{R,\mu} u$,
  $f \in \mathcal{F}$ and $i \in \mu(f)$, for all $t_1, \dots, t_n \in \mathcal{T}(\mathcal{F}, \mathcal{X})$

Analogous to the notion of termination and E-termination, we can define
$\mu$-termination: given a TRS $R$ and a replacement map $\mu$, we say that $R$ is
$\mu$-terminating if the relation $\to_{R,\mu}$ is terminating.

The following notion restricts the property closedness under contexts.

Definition 5. Given a binary relation $O$ over $\mathcal{T}(\mathcal{F}, \mathcal{X})$ and a replacement map
$\mu$, if $s \; O \; t$ implies that $f(\dots, u_{i-1}, s, u_{i+1}, \dots) \; O \; f(\dots, u_{i-1}, t, u_{i+1}, \dots)$,
whenever $i \in \mu(f)$, we say that $O$ is closed under $\mu$-contexts.

3 Context-Sensitive Reduction Quasi-Orders and 
Interpretations 

We start by extending the definition of context-sensitive rewriting (Def. 4) to
the AC-framework. The first thing that needs to be done is to define what
the replacement map can do to AC-symbols. Recall that the only requirement
we have on a replacement map $\mu$ is that $\mu(f) \subseteq \{1, \dots, ar(f)\}$. If the function
symbol happens to be an AC-symbol, then some values of $\mu(f)$ do not make sense
(this is essentially due to commutativity, since we can permute the subterms
and bring terms in forbidden positions to positions which are not forbidden).
Therefore for AC-symbols $f$ either $\mu(f) = \emptyset$ or $\mu(f) = \{1, 2\}$.

^ Of course reductions in the subterms may themselves be restricted.

^ In IB the possibility of defining context-sensitive reduction as in Definition 4 is
also pointed out.

As mentioned before we will restrict both the rewrite and the AC-steps so
we will work with two replacement maps $\mu_r$ and $\mu_{ac}$ denoting, respectively, the
replacement map for rewriting and the replacement map for AC-steps; in the
following and unless otherwise specified, we will use a generic $\mu$ to denote a pair
of replacement maps $(\mu_r, \mu_{ac})$.

Definition 6. The restricted equational theory generated by an equational
system $EQ$ and replacement map $\mu$ is denoted by $=_{EQ,\mu}$ and is the least relation
over $\mathcal{T}(\mathcal{F}, \mathcal{X})$ that satisfies

- $s =_{EQ,\mu} s$,
- $e_1^\sigma =_{EQ,\mu} e_2^\sigma$, for any equation $(e_1, e_2) \in EQ$,
- $f(\dots, t_{i-1}, u, t_{i+1}, \dots) =_{EQ,\mu} f(\dots, t_{i-1}, v, t_{i+1}, \dots)$, for any terms $u, v$ such
  that $u =_{EQ,\mu} v$, and any position $i \in \mu(f)$,
- $s =_{EQ,\mu} t$, if there exists some $u$ such that $s =_{EQ,\mu} u$, and $u =_{EQ,\mu} t$.

Obviously for any equational system $EQ$ and replacement map $\mu$ we have
$=_{EQ,\mu} \; \subseteq \; =_{EQ}$, so in particular $=_{AC,\mu_{ac}} \; \subseteq \; =_{AC}$.

Definition 7. Given an AC-rewrite system $R/AC$ and replacement maps $\mu =
(\mu_r, \mu_{ac})$, the context-sensitive AC-rewrite relation $\to_{R/AC,\mu}$ over $\mathcal{T}(\mathcal{F}, \mathcal{X})$ is
given by: $s \to_{R/AC,\mu} t \iff \exists s', t' : s =_{AC,\mu_{ac}} s' \to_{R,\mu_r} t' =_{AC,\mu_{ac}} t$

The classical way of proving termination of TRS’s is to find a suitable
reduction order compatible with the rewrite rules (Theorem 1); equivalently one
can find a suitable $\mathcal{F}$-algebra $(A, \succ)$, such that the operations interpreting the
elements of $\mathcal{F}$ are monotone and the order is well-founded. In the notions
of reduction order and interpretation were extended for context-sensitive
rewriting. Following this approach, we are going to define $\mu$-reduction quasi-orders
and interpretations for context-sensitive AC-rewriting; we will then show that
$\mu$-AC-termination can be characterized in terms of $\mu$-reduction quasi-orders and
interpretations. First we define $\mu$-AC-termination.

Definition 8. Given an AC-rewrite system $R/AC$ and replacement maps $\mu =
(\mu_r, \mu_{ac})$, we say that $R$ is $\mu$-AC-terminating, or $R/AC$ is $\mu$-terminating, if the
relation $\to_{R/AC,\mu}$ is terminating, i.e., if there are no infinite context-sensitive
AC-rewrite sequences, $s_0 \to_{R/AC,\mu} s_1 \to_{R/AC,\mu} s_2 \to_{R/AC,\mu} \cdots$

We now introduce the notion of $\mu$-reduction quasi-order which is an extension
of the $\mu$-reduction order in but also accounting for the equivalence part.

Definition 9. Let $\mu = (\mu_r, \mu_{ac})$ be replacement maps. A $\mu$-reduction
quasi-order on $\mathcal{T}(\mathcal{F}, \mathcal{X})$ is defined to be a well-founded quasi-order $\succsim$ on $\mathcal{T}(\mathcal{F}, \mathcal{X})$
such that $\succ$ is closed under substitutions and $\mu_r$-contexts, and $\sim$ is closed under
substitutions and $\mu_{ac}$-contexts.

Next we are going to define the concept of compatibility of a $\mu$-reduction
quasi-order with an AC-term rewriting system.

Definition 10. A $\mu$-reduction quasi-order $\succsim$ on $\mathcal{T}(\mathcal{F}, \mathcal{X})$ is called compatible
with an AC-TRS $R/AC$ iff $l \succ r$ for every rewrite rule $l \to r \in R$, and $e_1 \sim e_2$
for every equation $(e_1, e_2) \in AC$.

The lemma that follows relates a $\mu$-reduction quasi-order compatible with an
AC-TRS with the context-sensitive AC-rewrite relation associated with it.

Lemma 1. Let ^ be a qi-reduction quasi-order compatible with R/ AC , and let 
u,v G T{T,X) be arbitrary. Then (1) if u v then u >- v, and (2) if 

U =AC,fj.aa ^ ihen u ~ 6 . 

We can now state a result analogous to Theorem 1 but for context-sensitive
AC-rewriting, i.e., we show that $\mu$-termination of an AC-TRS can be shown by
finding a compatible $\mu$-reduction quasi-order.

Theorem 2. An AC-TRS $R/AC$ is $\mu$-terminating iff it admits a compatible
$\mu$-reduction quasi-order $\succsim$ on $\mathcal{T}(\mathcal{F}, \mathcal{X})$.

As was mentioned before, another classical way of proving termination of
rewrite relations is to define a monotone $\mathcal{F}$-algebra together with a well-founded
order such that reductions are translated via the interpretation to decreasing
steps in the order. This notion of interpretation was adapted for context-sensitive
rewrite relations in we adapt this notion for context-sensitive AC-rewriting.

Given a signature $\mathcal{F}$, an $\mathcal{F}$-algebra is defined as usual, i.e., a structure
consisting of a non-empty set $A$ and an interpretation function $f_A : A^n \to A$,
(n > 0) for each function symbol $f \in \mathcal{F}$. The definition of term evaluation is also
standard. Given an assignment $\alpha : \mathcal{X} \to A$, we define the term evaluation
$[\alpha] : \mathcal{T}(\mathcal{F}, \mathcal{X}) \to A$, as: (1) $[\alpha]x = \alpha(x)$, for any $x \in \mathcal{X}$, and
(2) $[\alpha]f(t_1, \dots, t_n) = f_A([\alpha]t_1, \dots, [\alpha]t_n)$, for any $f \in \mathcal{F}$, and terms
$t_1, \dots, t_n \in \mathcal{T}(\mathcal{F}, \mathcal{X})$.

In order to use $\mathcal{F}$-algebras for proving termination we still need to require
some more properties. In general, one requires that the underlying set of the
algebra is well-ordered by some well-founded partial order and that the
interpretation functions are monotone in all arguments. For context-sensitive relations
this last requirement can be relaxed since we only need to require monotonicity
for arguments that may be reduced ($\mu_r$-monotonicity; this is the approach
taken in ^3), and for context-sensitive AC-relations one needs to impose extra
requirements, namely that the interpretation and the order are somehow
compatible with the restricted AC-theory (this actually means that a partial order
is not suitable for our purposes and we need to work with quasi-orders).

Definition 11. Let $\mu = (\mu_r, \mu_{ac})$. A $\mu$-monotone $\mathcal{F}$-algebra $(A, \mathcal{F}, \succsim)$ is an
$\mathcal{F}$-algebra $(A, \mathcal{F})$ provided with a quasi-order $\succsim$ in $A$, such that

- every interpretation function is $\mu_r$-monotone, i.e., if $f \in \mathcal{F}$, $i \in \mu_r(f)$,
  $a, b \in A$ and $a \succ b$ then $f_A(\dots, a_{i-1}, a, a_{i+1}, \dots) \succ f_A(\dots, a_{i-1}, b, a_{i+1}, \dots)$,
  for all $a_j \in A$, $1 \le j \le n$, $j \ne i$.
- every interpretation function is stable on $\mu_{ac}$-arguments with respect to
  the equivalence $\sim$, i.e., if $f \in \mathcal{F}$, $i \in \mu_{ac}(f)$, $a, b \in A$ and $a \sim b$ then
  $f_A(\dots, a_{i-1}, a, a_{i+1}, \dots) \sim f_A(\dots, a_{i-1}, b, a_{i+1}, \dots)$, for all $a_j \in A$,
  $1 \le j \le n$, $j \ne i$.

If additionally $\succsim$ is well-founded, we say that the algebra is well-founded.

As usual a monotone algebra induces an order relation on the set of terms. 

Definition 12. Let p, = (pr,tJ'ac)- Let A = {A, if, A) be a p-monotone T- 
algebra. The quasi-order induced by A on T{T,X) is defined by: t t' 

if and only if [a](t) [a]{t'), for all a : X ^ A; and t t' if and only if 

[a](t) ~ [o!](t0; foi" all a : X ^ A. 

It is not difficult to see that U is indeed well-defined and a 

quasi-order. 

The following lemma establishes that a $(\mu_r, \mu_{ac})$-monotone $\mathcal{F}$-algebra induces
a $(\mu_r, \mu_{ac})$-reduction quasi-order on terms.

Lemma 2. Let p = (pr,Pac)- Let A = (A,1F, be a non-empty well founded 
p-monotone J- -algebra. Then the relation on X) is a p-reduction quasi- 
order. 

As a consequence of the last statement and Theorem 2 we are now able to
say that finding a non-empty well-founded $\mu$-monotone $\mathcal{F}$-algebra, which induces
a quasi-order on terms, is another way of proving $\mu$-termination of an AC-TRS.

Theorem 3. Let $\mu_r$ and $\mu_{ac}$ be replacement maps for $\mathcal{F}$, and let $\mu = (\mu_r, \mu_{ac})$.
An AC-TRS $R/AC$ is $\mu$-terminating if and only if a non-empty well-founded
$\mu$-monotone $\mathcal{F}$-algebra $\mathcal{A} = (A, \mathcal{F}, \succsim)$ exists for which is compatible with
$R/AC$.

Proof. If there exists a non-empty well-founded $\mu$-monotone $\mathcal{F}$-algebra
compatible with $R/AC$, the conclusion that $R/AC$ is $\mu$-terminating comes from applying
Lemma 2 and then Theorem 2. Conversely, if $R/AC$ is $\mu$-terminating then the
algebra obtained by taking $A = \mathcal{T}(\mathcal{F}, \mathcal{X})$, interpreting each function symbol by
itself, and by taking ^ u- ~AC,u.aa) is a non-empty well-founded,
$\mu$-monotone and compatible with $R/AC$.

4 Relating Context-Sensitive AC-Rewriting and 
AC-Rewriting 

In a transformation is given that allows to study context-sensitive termina- 
tion in terms of termination of a non-context-sensitive relation. In this section 
we modify and extend the method for context-sensitive AC-rewriting: we present 
a new transformation which encompasses the one given in and adapt it to 
AC-rewriting. Before doing so, we give an intuitive idea of the transformation. 

Recall that $\mathcal{T}(\mathcal{F}, \mathcal{X})$ is non-empty.

The goal is to introduce the effects of the replacement map in the TRS directly so
that one obtains a different TRS such that its termination implies $\mu$-termination
of the original. The simplest way of doing so is to replace each forbidden
position in a term by a new constant, and apply this transformation to the left and
right-hand sides of every rule. We show this transformation with an example.

Example 1. Q Let $R$ be given by the rules

sel(0, h : t) → h        sel(s(n), h : t) → sel(n, t)        from(n) → n : from(s(n))

These rules describe the selection of an element of order n from an arbitrarily
long list. The list constructor is represented by the infix function symbol “:”.
Clearly the system is not terminating, however using a lazy reduction strategy we
would only evaluate from(s(n)) whenever that evaluation would be necessary for
obtaining the result. This can be simulated with context-sensitive rewriting by
stating that $\mu_r(:) = \{1\}$ ($\mu_r(f) = \{1, \dots, ar(f)\}$ for all other function symbols),
disallowing reductions in the second argument of “:”. If we would apply our naive
transformation to the system, we would get (where o is a fresh constant):

sel(0, h : o) → h        sel(s(n), h : o) → sel(n, t)        from(n) → n : o

and this is not even a TRS.

We can already see what is wrong with this transformation: we may have 
variables which occur in forbidden positions in the left-hand side but in non- 
forbidden positions in the right-hand side and this transformation then loses 
those variables resulting in a system which is not even a TRS. 
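
The effect of the replacement map in Example 1 can be checked mechanically. The following Python rewriter is an added illustration, not part of the paper: it implements the two clauses of Definition 4 and explores every reduction from a start term. The tuple encoding of terms, the helper names and the search limit of 50 terms are assumptions of this example.

```python
"""Context-sensitive rewriting (Definition 4) on the three rules of Example 1."""

# A variable is a str; an application is a tuple (symbol, arg_1, ..., arg_n).
RULES = [
    (("sel", ("0",), (":", "h", "t")), "h"),                    # sel(0, h:t) -> h
    (("sel", ("s", "n"), (":", "h", "t")), ("sel", "n", "t")),  # sel(s(n), h:t) -> sel(n, t)
    (("from", "n"), (":", "n", ("from", ("s", "n")))),          # from(n) -> n : from(s(n))
]
MU_LAZY = {":": {1}}  # mu(:) = {1}; symbols not listed keep all their positions
MU_FULL = {}          # ordinary rewriting: no forbidden position


def num(k):
    """Build the numeral s^k(0)."""
    term = ("0",)
    for _ in range(k):
        term = ("s", term)
    return term


def match(pat, term, sub):
    """Extend substitution `sub` so that `pat` instantiated by it equals `term`."""
    if isinstance(pat, str):                       # pattern variable
        if pat in sub:
            return sub if sub[pat] == term else None
        return {**sub, pat: term}
    if isinstance(term, str) or pat[0] != term[0] or len(pat) != len(term):
        return None
    for p, t in zip(pat[1:], term[1:]):
        sub = match(p, t, sub)
        if sub is None:
            return None
    return sub


def substitute(term, sub):
    if isinstance(term, str):
        return sub.get(term, term)
    return (term[0],) + tuple(substitute(a, sub) for a in term[1:])


def successors(term, mu):
    """All terms reachable from `term` in one context-sensitive step."""
    if isinstance(term, str):
        return []
    out = []
    for lhs, rhs in RULES:                         # first clause: step at the root
        sub = match(lhs, term, {})
        if sub is not None:
            out.append(substitute(rhs, sub))
    allowed = mu.get(term[0], set(range(1, len(term))))
    for i in sorted(allowed):                      # second clause: only i in mu(f)
        for u in successors(term[i], mu):
            out.append(term[:i] + (u,) + term[i + 1:])
    return out


def explore(start, mu, limit=50):
    """Breadth-first search of the reduction graph below `start`.

    Returns (normal_forms, exhausted): `exhausted` is False when more than
    `limit` distinct terms are reachable, which is what a diverging
    computation such as unrestricted from(0) produces.
    """
    seen, frontier, normal = {start}, [start], set()
    while frontier:
        nxt = []
        for t in frontier:
            succ = successors(t, mu)
            if not succ:
                normal.add(t)
            for u in succ:
                if u not in seen:
                    if len(seen) >= limit:
                        return normal, False
                    seen.add(u)
                    nxt.append(u)
        frontier = nxt
    return normal, True


if __name__ == "__main__":
    print(explore(("sel", num(2), ("from", num(0))), MU_LAZY))  # one normal form
    print(explore(("from", num(0)), MU_LAZY))                   # stops after one step
    print(explore(("from", num(0)), MU_FULL)[1])                # False: limit reached
```

With $\mu_r(:) = \{1\}$ the tail of the list is only unfolded when a sel rule consumes the head, so the search below sel(s(s(0)), from(0)) is exhausted after a handful of terms; without the restriction from(0) alone already exceeds any fixed limit.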

In order to avoid the problem illustrated in the example, we have to keep track 
of the variables which go from forbidden to visible positions when we go from I 
to r in a rule I ^ r. The method given in to achieve this consists in marking 
function symbols and variables occurring in forbidden positions. The marking 
has to be such that when a variable goes from forbidden to allowed positions we 
may be able to undo the marking. We will use the following marking: we will 
underline function symbols, and a variable x occurring in a forbidden position 
in the left-hand side of a rule will be replaced by a term a{x) in the right-hand 
side of the rule. In this notation we depart slightly from the notation of 
for marking terms, there function symbols are overlined instead of underlined. 
However in order to avoid confusion with the operation of flattening, commonly 
used in AC-systems and usually denoted by overlining, we replace overline by 
underline. We illustrate this in the previous example. 

Example 2. The system corresponding to the marking of $R$ is the following:

sel(0, h : t) → h        sel(s(n), h : t) → sel(n, a(t))        from(n) → n : $\underline{from}(\underline{s}(n))$

The previous example also illustrates the difference between our
transformation and the one presented in Q. Using the method from Q the third rule
would be from(n) → n : $\underline{from}$(s(n)). With this method only head function
symbols are marked, and not all function symbols.

We now give the definition of marking (underlining).

Definition 13. For every term in $\mathcal{T}(\mathcal{F}, \mathcal{X})$, underlining is defined by

$\underline{x} = x$ for $x \in \mathcal{X}$

$\underline{f(t_1, \dots, t_n)} = \underline{f}(\underline{t_1}, \dots, \underline{t_n})$ for $f \in \mathcal{F}$

We formalize now the concept of variable appearing in a forbidden position; 
forbidden positions are always relative to a replacement map. 

Definition 14. Given a term $t \in \mathcal{T}(\mathcal{F}, \mathcal{X})$ and a replacement map $\mu$, the
set $Forb(t)$ of forbidden variables of $t$ is defined inductively as:

- $Forb(x) = \emptyset$, for any $x \in \mathcal{X}$,
- $Forb(f(t_1, \dots, t_n))$ = for $f \in \mathcal{F}$, $t_1, \dots, t_n \in \mathcal{T}(\mathcal{F}, \mathcal{X})$.

We say that a variable $x$ is forbidden or appears in a forbidden position wrt a
term $t$ if $x \in Forb(t)$.

As we said before, given a rewrite rule $l \to r$, a variable $x$ appearing in a
forbidden position in $l$ has its non-forbidden occurrences in $r$ replaced by a term
$a(x)$. This can be achieved by defining a special substitution.

Definition 15. Let $\mu$ be a replacement map. For any term $t$, we define the
substitution $\tau(t)$ by $x^{\tau(t)} = a(x)$, if $x \in Forb(t)$ and $x^{\tau(t)} = x$, otherwise.

For example in the rule $f(x, y, y) \to g(x, x, y)$, with $\mu(f) = \{2\}$, $\mu(g) = \{2\}$,
we have $Forb(l) = \{x, y\}$ and applying the substitution $\tau(l)$ to $r$ we get the term
$g(a(x), a(x), a(y))$.

Notation 1. In the following, let $\underline{\mathcal{F}} = \{\underline{f} \mid f \in \mathcal{F}\}$, $\mathcal{F}' = \mathcal{F} \cup \underline{\mathcal{F}} \cup \{a\}$, where
$a$ is a fresh unary function symbol, and $\mathcal{F}'_{AC} = \mathcal{F}_{AC} \cup \{\underline{f} : f \in \mathcal{F}_{AC}\}$. We will
denote by $AC'$ the associative-commutative equations for the symbols in $\mathcal{F}'_{AC}$.

The actual marking of the rewrite rules is done with the function $\Phi$ given next;
this function differs from the one given in Q in the way forbidden subterms
are handled.

Definition 16. The function $\Phi : \mathcal{T}(\mathcal{F}, \mathcal{X}) \to \mathcal{T}(\mathcal{F}', \mathcal{X})$ is defined as follows:

- $\Phi(x) = x$, for any $x \in \mathcal{X}$,
- $\Phi(f(t_1, \dots, t_n)) = f(u_1, \dots, u_n)$, for any $f \in \mathcal{F}$, where $u_i = \Phi(t_i)$ if $i \in \mu(f)$,
  and $u_i = \underline{t_i}$, otherwise.

Given a TRS R, the TRS ‘T{R) is defined by: ^{R) = {^{l) | I -i- 

r G R}. 

In order to relate $\mu$-(AC-)termination with (AC-)termination, the function
$\Phi$ is not enough. Note that this function transforms the original TRS into another
one, but introduces new terms in the right-hand side of rules, corresponding to
the marking of variables. To be able to simulate the $\mu$-reductions of the original
context-sensitive system, we must have the possibility of eliminating the marking
of variables. This is done with another TRS that we define next.
Definition 17. The TRS $Bar(\mathcal{F})$ over $\mathcal{F}'$ is defined by

{ a{f(xi, . ..,Xn)) fiui,- ■■,yn) for all f G T, where 

yi = a{xi), if i G fi{f), and 
yi = Xi, ifi i fj,{f) 

f{xi,...,Xn) f{xi, ...,Xn) for all f G R 

a(x) — *■ X 

The difference between the system $Bar(\mathcal{F})$ given in Definition and the
system given in is in the first rule. As we mark all function symbols appearing
in forbidden positions, we must also be able to unmark them recursively when
they change to non-forbidden positions.

Recall that we are working with two replacement maps and ^ac] in the 
following all functions/definitions which depend on a replacement map (eg. 
Bar{T), )) will be taken with respect to the replacement map restricting 
the rewrite steps yir- 

We can now state the main result of this section (like Proposition 4 in ^3). 

Theorem 4. Let $R/AC$ be an AC-TRS over $\mathcal{F}$. Let $\mu_R$, $\mu_{AC}$ be replacement maps
for $\mathcal{F}$ such that $\mu_R(f) \neq \emptyset$ for all AC-symbols $f$. Let $AC'_{\mu_{AC}}$ be the $AC'$-theory
restricted by the replacement map $\mu_{AC}$. If $(\Phi(R) \cup Bar(\mathcal{F})) / AC'_{\mu_{AC}}$ terminates
then $R/AC$ $\mu$-terminates.

The converse of this result does not hold; the example given in for the
analogous result, with an AC-symbol added can be used to show that the
converse of Theorem 4 does not hold either. As for the condition imposed on the
replacement map $\mu_R$ with respect to AC-symbols, this condition is necessary in
order to ensure that the function $\Phi$ is compatible with the AC-theory, as we
discuss later.

Before proving Theorem 4 we present a small example showing that our
transformation subsumes the one from Q.

Example 3. The system f{x) g{h{f{x))) (without AC-symbols) is pr~ 
terminating for a replacement map Pr{f) = Pr{h) = {1} and Pr{g) = 0; accord- 
ing to the transformation from the system 'T{R) U Bar{E) would contain 
the rule f{x) — > g(hff{x))) which is not terminating, so ^^-termination of the 
original system could not be inferred in this case; our system <?(i?) U Bar{T) 
would contain instead the rule f{x) — *■ g{hff{x))) and will be terminating. In 
general better results will be obtained by marking the subterms recursively in- 
stead of marking only the head function symbol of a subterm occurring in a 
position not indexed by the replacement map. 

To prove Theorem^we show that if s =AC,^iac ^ <T{s) =AC',^iac and 

if s t then 4>(s) ^(^)- 

Lemma 3. Let pr, Pac be replacement maps for F such that Pr{f) 0, for all 
AC-symbols f, let s,t G T{F,X). Lf s =AC,fiac t ^b,en <L{s) =AC',Uaa ond 
S=AC',Ua.c t- 
The previous result is not valid if we consider AC-symbols with forbidden
positions. Consider the following terms $s = f(f(x,y),z)$ and $t = f(x,f(y,z))$.
Then obviously $s =_{AC} t$ and $\Phi(s) = f(\underline{f}(x,y),z)$, $\Phi(t) = f(x,f(y,z))$, and
using only the AC-equations for $f$, $\underline{f}$, there is no way of relating $\Phi(s)$ and $\Phi(t)$.
This is not surprising and can be solved at least in two different ways. One can
incorporate equations of the form $f(f(x, y), z) = f(x, f(y, z))$ to the equational
theory; this has the unpleasant consequence that the equational system no longer
is an AC-system and therefore cannot be dealt with by methods typically used for
AC-systems. One can also work with the flattened form of terms. In that case
we never have two consecutive occurrences (one rooted just below the other) of
the same AC-symbol in the same term, so this problem does not arise. But one
has then to develop all the theory using flattened terms and flattened rewriting,
a more difficult notion to work with (see B).

The following result is adapted from . 

Lemma 4. Lett,uG T{T,X). u then <P{t) ^t'iR)uBar{y^) 

We can now prove the main result, Theorem 4.

Proof. (Theorem^ Assume that R/AC is not /r-terminating. Then there is an 
infinite reduction so =AC,tiac si s'l S2 4 ■ ■ According 

to LemmasHand| respectively, if Si =ac,ii^c Si+i then ^(si) =AC',iiac ^(si+i)> 
and if Si 4 then <P{si) ^J(^)uBar(.F) ^(4)- Then <P{sq) =AC',iLa. Hsi) 

^l(R)UBar{:F) ‘^(4) Hs2) ^J(fl)uBar(.F) ^^(4) ■ • which COntradictS 

<?(i?) U Bar{T) / being terminating. 

If one wants to use automatic methods to prove termination of
$(\Phi(R) \cup Bar(\mathcal{F})) / AC'_{\mu_{AC}}$ then it is better to use the full $AC'$-theory instead of its
restricted version $AC'_{\mu_{AC}}$. The following corollary can then be of practical use.

Corollary 1. Let $R/AC$ be an AC-TRS over $\mathcal{F}$. Let $\mu_R$, $\mu_{AC}$ be replacement
maps for $\mathcal{F}$ such that $\mu_R(f) \neq \emptyset$ for all AC-symbols $f$. If $(\Phi(R) \cup Bar(\mathcal{F})) / AC'$
terminates then $R/AC$ $\mu$-terminates.



4.1 Optimizing the Method 

In an optimization of the transformation method was given. This optimization
was based on the observation that it was unnecessary to mark function
symbols which did not appear in the rewrite rules of $\Phi(R)$ and therefore the set
of marked symbols can be reduced (as well as the set of rules for handling the
marking). We will also apply that optimization in our setting (this optimization
will also affect AC-symbols). First we introduce the following notation:

Notation 2. In the following, let

^ — {f I / £ ond f occurs in <L{1) or <?(r), for some I r G R } 
and let ^ = {f \ f £ represents the AC-theory generated by Tac 

plus the AC- equations for the symbols 5 G such that g is an AC-symbol, and 
^C'/iac represents the p.ac restricted AC theory. 

We define the TRS A which will be used for removing redundant marks. 

Definition 18. The TRS A over T(lF', df) contains the rewrite rules: 

f{xi,...,Xn) f{xi,...,Xn),for all f £ T \ T 



Theorem 5. The TRS A is complete, i. e., confluent and terminating. 



The previous theorem tells us that A actually defines a function, namely the
function that given a term associates to it its (unique and always existing) normal
form wrt the TRS A. It is not difficult to see that this function coincides with
the function A from

In the rewrite system T{R, p) was defined as ^{R) U Bar{T) and shown 
to have the same termination properties as 'T{R) U Bar(iF); we will proceed 
similarly. We define the TRS T'{R,pr) which is obtained by filtering the TRS 
'P{R) U Bar{T) through the function A defined above. This filtering is achieved 
by taking the rewrite rules A{1) A{r), where I ^ r is a rule in U Bar{T) 

and A{1) A{r). Indeed this filtering induces a partition of 'P{R) U Bar (if) = 

S U T, such that T contains all rules I — > r for which A{1) = A{r), and S all 
the other rules. It is not difficult to see that the TRS T contains the rules: 
f{xi, . . . , Xn) f{x\, ■ ■ ■ , Xn) for all / G IF \ IF and the normalized S, which 
coincides with T{R,fj,r), contains rules: 



<T{R, pr) 



'm 

a{f{xi, . ..,Xn)) 

< a{f{xi,...,Xn)) 

f{xi, ...,Xn) 

_ a{x) 



(^(t-))'^( 0 for alH ^ r G i? 
f{ui, . . . , Un) for all f £ T , where 

Ui = a{xi), if i G Pr{f) and 
Ui = Xi, if i ^ p^{f) 
f{u \ , . . . , u„) for all / G IF \ .F, where 

Ui = a(xi), if i £ Pr{f) and 

Ui = Xi, if i^ prU) 

f{xi, ...,Xn) where f £ T 

X 



Now we state that the TRS thus obtained has the same termination properties
as $\Phi(R) \cup Bar(\mathcal{F})$.

Theorem 6. T{R, p^) / AC is terminating iff <P{R) U Bar{T) / AC'^^^ is ter- 
minating. 

The set T corresponds to Fo in 
5 Examples



Example 4. The following system defines the operational semantics of a process
language which has sequential ($;$) and parallel ($\|$) composition and a choice
operator ($+$) to account for non-determinism of computations. The language
has a non-terminating iterator constructor ($It$) and instructions for terminating
execution (abort) or do-nothing (skip).

In order to avoid infinite reductions of a term containing the iterator, we
only allow for reductions on the first argument of $;$, that is $\mu_R(;) = \{1\}$ (for
all other function symbols $f$, $\mu_R(f)$ contains all positions). This strategy also
corresponds to the operational semantics of the sequential operator, which is
to execute the second instruction only after the preceding one is complete. The
AC-operators are $\|$ and $+$ and we do not restrict AC-steps.



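$$
\begin{array}{rcl@{\qquad}rcl}
It(p) & \to & p \,;\, It(p) & p + q & \to & p \\
(p + q) \,;\, r & \to & (p \,;\, r) + (q \,;\, r) & p + q & \to & q \\
(p \,;\, q) \,;\, r & \to & p \,;\, (q \,;\, r) & p \,\|\, abort & \to & abort \\
p \,;\, skip & \to & p & p \,\|\, skip & \to & p \\
abort \,;\, p & \to & abort & p \,\|\, (q + r) & \to & (p \,\|\, q) + (p \,\|\, r)
\end{array}
$$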



In order to see that $R/AC$ is $\mu$-terminating we define a $\mu$-interpretation as
follows. We take the set $\mathbb{N}_2$ of all naturals greater than one, ordered by the usual
order on $\mathbb{N}$ and define the interpretation functions: $It_{\mathbb{N}}(x) = 2x + 1$, $x \,;_{\mathbb{N}}\, y =
2x$, $x +_{\mathbb{N}} y = x + y + 1$, $x \,\|_{\mathbb{N}}\, y = xy$, $abort_{\mathbb{N}} = 2$, $skip_{\mathbb{N}} = 2$.

It is not difficult to see that with these operations $\mathbb{N}_2$ constitutes a
(non-empty) $\mu$-monotone well-founded $\mathcal{F}$-algebra compatible with the AC-theory for
symbols $\|$, $+$ and compatible with the rewrite rules, so according to Theorem
B $R/AC$ is $\mu$-terminating; note that $R/AC$ is not terminating due to the first
rewrite rule.
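
The following Python sketch is an added illustration, not part of the original paper: it spot-checks the interpretation of Example 4 on a finite range of values (rules strictly decrease, the AC-operators are interpreted by associative-commutative functions, strict monotonicity fails only at the forbidden second argument of `;`). The term encoding and all function names are assumptions of this example, and a finite check illustrates the argument without replacing the proof.

```python
from itertools import product

# Replacement map of Example 4: only the first argument of ';' may be rewritten.
MU = {"It": {1}, ";": {1}, "+": {1, 2}, "||": {1, 2}}
ARITY = {"It": 1, ";": 2, "+": 2, "||": 2}

# Interpretation functions given in the text, over the naturals >= 2.
INTERP = {
    "It": lambda x: 2 * x + 1,
    ";": lambda x, y: 2 * x,
    "+": lambda x, y: x + y + 1,
    "||": lambda x, y: x * y,
    "abort": lambda: 2,
    "skip": lambda: 2,
}

# Terms are tuples (symbol, arg1, ...); variables are plain strings.
p, q, r = "p", "q", "r"
ABORT, SKIP = ("abort",), ("skip",)
RULES = [
    (("It", p), (";", p, ("It", p))),
    ((";", ("+", p, q), r), ("+", (";", p, r), (";", q, r))),
    ((";", (";", p, q), r), (";", p, (";", q, r))),
    ((";", p, SKIP), p),
    ((";", ABORT, p), ABORT),
    (("+", p, q), p),
    (("+", p, q), q),
    (("||", p, ABORT), ABORT),
    (("||", p, SKIP), p),
    (("||", p, ("+", q, r)), ("+", ("||", p, q), ("||", p, r))),
]


def evaluate(term, env):
    """Value of a term under the interpretation, with variables bound by env."""
    if isinstance(term, str):
        return env[term]
    sym, *args = term
    return INTERP[sym](*(evaluate(a, env) for a in args))


def variables(term):
    """Set of variable names occurring in a term."""
    if isinstance(term, str):
        return {term}
    return set().union(*(variables(a) for a in term[1:]))


def rule_violations(lo, hi):
    """Rule instances with values in [lo, hi] where lhs is not strictly greater than rhs."""
    bad = []
    for lhs, rhs in RULES:
        names = sorted(variables(lhs))
        for values in product(range(lo, hi + 1), repeat=len(names)):
            env = dict(zip(names, values))
            if not evaluate(lhs, env) > evaluate(rhs, env):
                bad.append((lhs, rhs, env))
    return bad


def ac_failures(lo, hi):
    """Triples on which '+' or '||' is not commutative or not associative."""
    bad = []
    for sym in ("+", "||"):
        f = INTERP[sym]
        for x, y, z in product(range(lo, hi + 1), repeat=3):
            if f(x, y) != f(y, x) or f(f(x, y), z) != f(x, f(y, z)):
                bad.append((sym, x, y, z))
    return bad


def non_monotone_positions(lo, hi):
    """(symbol, position) pairs where the interpretation is not strictly increasing."""
    bad = set()
    for sym, arity in ARITY.items():
        for args in product(range(lo, hi + 1), repeat=arity):
            for i in range(arity):
                bumped = list(args)
                bumped[i] += 1
                if not INTERP[sym](*bumped) > INTERP[sym](*args):
                    bad.add((sym, i + 1))
    return bad


if __name__ == "__main__":
    print("rule violations on [2, 6]:", rule_violations(2, 6))
    print("rule violations if 1 were allowed:", len(rule_violations(1, 4)))
    print("AC failures:", ac_failures(2, 6))
    forbidden = {(s, i) for s, n in ARITY.items() for i in range(1, n + 1) if i not in MU[s]}
    print("non-monotone positions:", non_monotone_positions(2, 6), "forbidden:", forbidden)
```

Running the rule check with 1 admitted as a value shows failures only for instances with p = 1, which is why the carrier starts at 2.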



Example 5. Let $+$ be AC, and suppose we have the system:

$$
\begin{array}{rcl@{\qquad}rcl}
f(x) & \to & x : f(d(x)) & 0 + y & \to & y \\
d(0) & \to & 0 & s(x) + y & \to & s(x + y) \\
d(s(x)) & \to & d(x) + s(s(0)) & & &
\end{array}
$$

where $:$ stands for the list constructor and the function $f$ computes the list with
elements x, 2x, 4x, . . .. Suppose that pLr(') = {1} and Pr(g) = {1, ■ ■ ■ , O'i^(g)}, for 
any g We do not restrict AC-steps. The system 'E(R, yr) consists of the rules 
above but with the first rule replaced by f(x) — *■ x : f(d(x)); furthermore it also 
contains the rules a(x + y) ^ a(x) + a(y), a(f(x)) —>■ f(a(x)), f(x) f(x), 
a(d(x)) d(a(x)), d(x) d(x), a(s(a;)) ^ s(a(x)), a(x : y) a(x) : y, and 

a(a;) ^ a;, -b is the only AC-operator. 

/a-termination of R/AC is proven if we prove AC-terminatio n of E(R,yr)- 
This can be done using an AC-compatible order like the one in with the 
precedence satisfying a > f > f,:,d, a > d > d,0,+, + > s. 
Example 6. The following example represents a function that checks whether
two trees representing arithmetic expressions are the mirror image of each other
and in this case computes the value of the expression (for the sake of simplicity
we only consider the operator $+$). AC-operators are $+$ and $and$.



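$$
\begin{array}{rcl@{\qquad}rcl}
mirror(x, y) & \to & if(m(x, y), x, false) & 0 + y & \to & y \\
m(0, 0) & \to & true & s(x) + y & \to & s(x + y) \\
m(0, s(x)) & \to & false & true \ and \ x & \to & x \\
m(s(x), s(y)) & \to & m(x, y) & false \ and \ x & \to & false \\
m(x + y, z + w) & \to & m(x, w) \ and \ m(y, z) & & & \\
if(true, x, y) & \to & x & if(false, x, y) & \to & y
\end{array}
$$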



This TRS is actually AC-terminating as can be seen using the order from
for example. But one can avoid unwanted reductions and AC-steps by stating
that $\mu_R(if) = \{1\}$ and $\mu_{AC}(mirror) = \mu_{AC}(m) = \emptyset$.



6 Conclusions 

The concept of context-sensitive rewriting was introduced by Lucas. It is a
restriction of the rewrite relation which allows for a finer control of reductions
and is related to lazy evaluation strategies in functional languages. In this paper
we extended the concept of context-sensitive rewriting to rewriting modulo an
AC-theory by restricting both rewrite steps and AC-steps, and we studied the
termination properties of context-sensitive AC-rewriting following the approach
of Zantema for context-sensitive rewriting. Context-sensitive (AC) termination,
or $\mu$-termination, is a more general property than (AC) termination since
this last property implies the former but not vice-versa; thus context-sensitive
relations can also be used to study termination properties of reduction strategies
for systems that are not terminating. We presented two techniques for proving
$\mu$-AC-termination: the first method provides a complete technique and consists in
the definition of a suitable interpretation algebra for the (restricted) AC-rewrite
system and the context-sensitive AC-rewrite relation; $\mu$-AC-termination of
a system $R/AC$ can then be concluded from the existence of such a suitable
interpretation. The second, not complete, method consists in transforming the
(restricted) AC-rewrite system and the context-sensitive relation into a (restricted)
AC-rewrite system where the reduction relation considered is either the usual
AC-rewrite relation or a restricted version thereof (the restriction is on the
application of AC-steps); $\mu$-AC-termination of the original system can be inferred
from (restricted) AC-termination of the transformed system. The advantage of
this method over the previous one is that usual well-known techniques for proving
AC-termination can be used to infer $\mu$-AC-termination. It is also possible
to develop a transformation for relating restricted and unrestricted AC-theories
and lifting the restriction $\mu_R(f) \neq \emptyset$, for $f \in AC$; for that the use of flattened
$\mu$-rewriting is needed (see Q for details).

The extension of context-sensitive rewriting presented restricts the applications
of reduction steps and the application of AC-steps; it is not difficult
to find examples where restriction of application of AC-steps leads to termination
while unrestricted application does not (consider for example the rule
$f(a + b) \to f(b + a)$ with $\mu_{AC}(f) = \emptyset$), however we do not have yet interesting
applications for which it is useful to also restrict AC-steps.

In the future we intend to focus on this kind of application and also study
the confluence properties of the relation presented.



Acknowledgements. The authors would like to thank Salvador Lucas for his 
helpful comments. 
Abstract. This paper is concerned with the foundations of the Calculus
of Algebraic Constructions (CAC), an extension of the Calculus
of Constructions by inductive data types. CAC generalizes inductive
types equipped with higher-order primitive recursion, by providing
definitions of functions by pattern-matching which capture recursor
definitions for arbitrary non-dependent and non-polymorphic inductive
types satisfying a strict positivity condition. CAC also generalizes
the first-order framework of abstract data types by providing dependent
types and higher-order rewrite rules. Full proofs are available at
http://www.lri.fr/~blanqui/publis/rta99full.ps.gz.



1 Introduction 

Proof assistants allow one to build complex proofs by using macros, called tactics, 
which generate proof terms representing the sequence of deduction rules used 
in the proof. These proof terms are then “type-checked” in order to ensure the 
correct use of each deduction step. As a consequence, the correctness of the 
proof assistant, hence of the verification itself, relies solely on the correctness of 
the type-checker, but not on the tactics themselves. This approach has a major 
problem: proof objects may become very large. For example, proving that 0 + 100 
equals its normal form 100 in some encoding of Peano arithmetic will generate 
a proof of a hundred steps, assuming + is defined by induction on its second 
argument. Such proofs occur in terms, as well as in subterms of a dependent type. 
Our long term goal is to cure this situation by restoring the balance between 
computations and deductions, as argued in The work presented in this 
paper intends to be a first important step towards this goal. To this end, we 
will avoid encodings by incorporating to the Calculus of Constructions (CC) Q 
user-defined function symbols defined by sets of first and higher-order rewrite 
rules. These rules will be used in conjunction with the usual proof reduction rule 
that reduces subterms in dependent types: 

* This work was partly supported by the Grants-in-aid for Scientific Research of Min- 
istry of Education, Science and Culture of Japan, and the Oogata-kenkyuu-jyosei 
grant of Keio University. 
$$\frac{\Gamma \vdash M : T}{\Gamma \vdash M : T'}$$

Since the pioneer work by Breazu-Tannen in 1988 on the confluence of the
combination of the simply-typed $\lambda$-calculus with first-order algebraic rewriting,
soon followed, as for the strong normalization, by Breazu-Tannen and Gallier
and, independently, by Okada, this question has been very active. We started
our program at the beginning of the decade, by developing the notion of abstract
data type system in which the user defined computations could be described
by using rewrite rules belonging to the so-called General Schema, a generalization
of higher-order primitive recursion. This work was done in the context of a
bounded polymorphic type discipline, and was later extended to CC.

In Q, we introduced, in the context of the simply-typed $\lambda$-calculus, a new and
more flexible definition of the General Schema to capture the rewrite rules defining
recursors for strictly positive inductive types problem left open in .
In this paper, we similarly equip CC with non-dependent and non-polymorphic
inductive types, and first and higher-order rewriting. Our main result is that
this extension is compatible with CC.

In strictly positive inductive types can be dependent and polymorphic.
Hence, further work will be needed to reach the expressive power of the Calculus
of Inductive Constructions implemented in the Coq proof assistant, all
the more so since it handles strong elimination, that is the possibility to define
types by induction. But our new General Schema seems powerful and flexible
enough to be further extended to such a calculus, hence resulting in a simpler
strong normalization proof.

As a consequence of our result, it will become possible to develop a new
version of the Coq proof assistant, in which the user may define functions by
pattern-matching and then develop libraries of decision procedures using this
kind of functional style. Ensuring the consistency of the underlying proof theory
requires a proof that the user-defined rules obey the General Schema, a task
that can be easily automated. Note also that, since most of the time, when
one develops proofs, the efficiency of rewriting does not really matter, the
type-checker of the proof development system can be kept small and not too difficult
to certify, hence conforming to the idea of relying on a small easy-to-check kernel.

2 Definition of the Calculus

2.1 Syntax 

Definition 1 (Algebraic types). Given a set $S$ of sorts, we define the set
$T_S$ of algebraic types:

$$s := \mathsf{s} \mid (s \to s)$$

where $\mathsf{s}$ ranges over $S$ and $\to$ associates to the right such that $s_1 \to (s_2 \to s_3)$ can
be written $s_1 \to s_2 \to s_3$. An algebraic type $s_1 \to \dots \to s_n$ is first-order if each $s_i$
is a sort, otherwise it is higher-order.
Definition 2 (Constructors). We assume that each sort $s$ has an associated
set $\mathcal{C}(s)$ of constructors. Each constructor $C$ is equipped with an algebraic type
$\tau(C)$ of the form $s_1 \to \dots \to s_n \to s$; $n$ is called the arity of $C$, and $s$ its output
type. We denote by $\mathcal{C}^n$ the set of constructors of arity $n$.

A constructor $C$ is first-order if its type is first-order, otherwise it is
higher-order. Constructor declarations define a quasi-ordering on sorts: $s >_S t$ if and
only if $t$ occurs in the type of a constructor belonging to $\mathcal{C}(s)$. In the following,
we will assume that $>_S$ is well-founded, ruling out mutually inductive sorts.

Definition 3 (Algebraic signature). Given a non empty sequence $s_1, \dots, s_n, s$
of algebraic types, we denote by the set of function symbols of arity
$n$, of type $\tau(f) = s_1 \to \dots \to s_n \to s$ and of output type $s$. We will denote by $\mathcal{F}^n$
the set of function symbols of arity $n$, and by $\mathcal{F}$ the set of all function symbols.
Function symbols with a first-order (resp. higher-order) type are called first-order
(resp. higher-order).

Here are familiar examples of sorts and functions: 

(i) the sort $bool$ of booleans whose constructors are $true : bool$ and $false :
bool$; $if_t$ of arity 3 is a defined function of type $bool \to t \to t \to t$, for any
algebraic type $t$;

(ii) the sort $nat$ of natural numbers whose constructors are $0 : nat$ and
$s : nat \to nat$; $+$ of arity 2 is a defined function of type $nat \to nat \to nat$;

(iii) the sort $list_t$ of lists of elements of an algebraic type $t$ whose constructors
are $nil_t : list_t$ and $cons_t : t \to list_t \to list_t$; $append_t$ of arity 2 is a
defined function of type $list_t \to list_t \to list_t$, while $map_{t,t'}$ of arity 2 is a
defined function of type $(t \to t') \to list_t \to list_{t'}$;

(iv) the sort $ord$ of ordinals whose constructors are $0_{ord} : ord$, $s_{ord} : ord \to
ord$ and $lim_{ord} : (nat \to ord) \to ord$.

Definition 4 (Terms). The set $Term$ of CAC terms is inductively defined as:

$$a := x \mid s \mid \star \mid \Box \mid \lambda x{:}a.a \mid \Pi x{:}a.a \mid (a\ a) \mid C(a_1, \dots, a_n) \mid f(a_1, \dots, a_n)$$

where $s$ ranges over $S$, $C$ over $\mathcal{C}^n$, $f$ over $\mathcal{F}^n$ and $x$ over $Var$, a set of variables
made of two disjoint infinite sets $Var^{\Box}$ and $Var^{\star}$. The application $(a\ b)$ associates
to the left such that $(a_1\ a_2)\ a_3$ can be written $a_1\ a_2\ a_3$. The sequence of terms
$a_1 \dots a_n$ is denoted by the vector $\vec{a}$ of length $|\vec{a}| = n$. A term $C(\vec{a})$ (resp. $f(\vec{a})$)
is said to be constructor headed (resp. function headed).

After Dewey, the set $Pos(a)$ of positions in a term $a$ is a language over the
alphabet $\mathbb{N}^+$ of strictly positive natural numbers. Note that abstraction and
product have two arguments, the type and the body. The subterm of a term $a$
at position $p \in Pos(a)$ is denoted by $a|_p$ and the term obtained by replacing $a|_p$
by a term $b$ is written $a[b]_p$. We write a ^ b if $b$ is a subterm of $a$.

We note by $FV(a)$ and $BV(a)$ the sets of respectively free and bound variables
occurring in a term $a$, and by $Var(a)$ their union. By convention, bound
and free variables will always be assumed different. As in the untyped $\lambda$-calculus,
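Fig. 1. Typing rules of CAC

$$
\begin{array}{lcl}
\text{(ax)} & \vdash \star : \Box & \\[2ex]
\text{(sort)} & \vdash s : \star & (s \in S) \\[2ex]
\text{(var)} & \dfrac{\Gamma \vdash c : p}{\Gamma, x : c \vdash x : c} & (x \in Var^p \setminus dom(\Gamma),\ p \in \{\star, \Box\}) \\[3ex]
\text{(weak)} & \dfrac{\Gamma \vdash a : b \quad \Gamma \vdash c : p}{\Gamma, x : c \vdash a : b} & (x \in Var^p \setminus dom(\Gamma),\ p \in \{\star, \Box\}) \\[3ex]
\text{(cons)} & \dfrac{\Gamma \vdash a_1 : s_1 \ \dots\ \Gamma \vdash a_n : s_n}{\Gamma \vdash C(a_1, \dots, a_n) : s} & (C \in \mathcal{C}^n,\ \tau(C) =\ ) \\[3ex]
\text{(fun)} & \dfrac{\Gamma \vdash a_1 : s_1 \ \dots\ \Gamma \vdash a_n : s_n}{\Gamma \vdash f(a_1, \dots, a_n) : s} & (f \in\ ,\ n \geq 0) \\[3ex]
\text{(abs)} & \dfrac{\Gamma, x : a \vdash b : c \quad \Gamma \vdash (\Pi x{:}a.c) : q}{\Gamma \vdash (\lambda x{:}a.b) : (\Pi x{:}a.c)} & (x \notin dom(\Gamma),\ q \in \{\star, \Box\}) \\[3ex]
\text{(app)} & \dfrac{\Gamma \vdash a : (\Pi x{:}b.c) \quad \Gamma \vdash d : b}{\Gamma \vdash (a\ d) : c\{x \mapsto d\}} & \\[3ex]
\text{(conv)} & \dfrac{\Gamma \vdash a : b \quad \Gamma \vdash b' : p}{\Gamma \vdash a : b'} & (p \in \{\star, \Box\},\ b \to^*_\beta b' \text{ or } b' \to^*_\beta b \text{ or } b \to^*_R b' \text{ or } b' \to^*_R b) \\[3ex]
\text{(prod)} & \dfrac{\Gamma \vdash a : p \quad \Gamma, x : a \vdash b : q}{\Gamma \vdash (\Pi x{:}a.b) : q} & (x \notin dom(\Gamma),\ p, q \in \{\star, \Box\})
\end{array}
$$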

terms that only differ from each other in their bound variables will be identified,
an operation called $\alpha$-conversion. A substitution $\theta$ of domain $dom(\theta) = \{x\}$ is
written $\{x \mapsto b\}$. Substitutions are written in postfix notation, as in $a\theta$.

Finally, we traditionally consider that $(b\ \vec{a})$, $\lambda\vec{x}{:}\vec{a}.b$ and $\Pi\vec{x}{:}\vec{a}.b$
denote all three the term $b$ if $\vec{a}$ is the empty sequence, and the respective terms
$(\dots((b\ a_1)\ a_2) \dots a_n)$, $\lambda x_1{:}a_1.(\lambda x_2{:}a_2.(\dots(\lambda x_n{:}a_n.b)\dots))$ and
$\Pi x_1{:}a_1.(\Pi x_2{:}a_2.(\dots(\Pi x_n{:}a_n.b)\dots))$ otherwise. We also write $a \to b$ for the term $\Pi x{:}a.b$ when
$x \notin FV(b)$. This abbreviation allows us to see algebraic types as terms of our
calculus.



2.2 Typing Rules 

Definition 5 (Typing rules). A declaration is a pair $x{:}a$ made of a variable
$x$ and a term $a$. An environment $\Gamma$ is a (possibly empty) ordered sequence of
declarations of the form $x_1{:}a_1, \dots, x_n{:}a_n$, where all $x_i$ are distinct; $dom(\Gamma) =
\{x_1, \dots, x_n\}$ is its domain, $FV(\Gamma) = \bigcup_{x:a \in \Gamma} FV(a)$ its set of free variables,
and $\Gamma(x_i) = a_i$. A typing judgement is a triple $\Gamma \vdash a : b$ made of an environment
$\Gamma$ and two terms $a$, $b$. A term $a$ has type $b$ in an environment $\Gamma$ if the judgement
$\Gamma \vdash a : b$ can be deduced by the rules of Figure 1. An environment is valid if $\star$
can be typed in it. An environment is algebraic if every declaration has the form
$x{:}c$, where $c$ is an algebraic type.

The rules (sort), (cons) and (fun) are added to the rules of CC 0. The (conv)
rule expresses that types depend on reductions via terms. In CC, the relation
used in the side condition is the monotonic, symmetric, reflexive, transitive
closure of the $\beta$-rewrite relation $(\lambda x{:}a.b)\ c \to_\beta b\{x \mapsto c\}$.

In our calculus, there are two kinds of computation rules: $\beta$- (or proof-)
reduction and the user-defined rewrite rules, denoted by $\to_R$. This contrasts
with the other calculi of constructions, in which the meaning of (conv) is fixed
by the designer of the language, while it depends on the user in our system.
The unusual form of the side condition of our conversion rule is due to the fact
that no proof of subject reduction is known for a conversion rule with the more
natural side condition $b \leftrightarrow b'$. See 0 for details.

The structural properties of CC are also true in CAC. See 0 and 0 for 
details. We just recall the different term classes that compose the calculus. 

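Definition 6. Let $Kind$ be the set $\{K \in Term \mid \exists\Gamma,\ \Gamma \vdash K : \Box\}$ of kinds, $Constr$
be the set $\{T \in Term \mid \exists\Gamma,\ \exists K \in Kind,\ \Gamma \vdash T : K\}$ of type constructors, $Type$ be
the set $\{\tau \in Term \mid \exists\Gamma,\ \Gamma \vdash \tau : \star\}$ of types, $Obj$ be the set $\{u \in Term \mid \exists\Gamma,\ \exists\tau \in
Type,\ \Gamma \vdash u : \tau\}$ of objects, and $Thm$ be the set $Constr \cup Kind$ of theorems.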



Lemma 7. Kinds, type constructors and objects can be characterized as follows: 

• K :=-k\ Kx-.t.K I Ka-.K.K 

• r := s I a I nx-.T.T I na:K.T \ Xx:t.T \ Xa:K.T \ (T u) \ {T T) 

• U '.= X \ C{u\, . . ., Un) I f{ui , . . ., Un) \ Xx'.T.U \ Xa'.K.U I (u u) I (u T) 
where a G Var° and x G Var* . 

2.3 Inductive Types 

Inductive types have been introduced in CC for at least two reasons: firstly, to 
ease the user’s description of his/her specification by avoiding the complicated 
impredicative encodings which were necessary before; secondly, to transform in- 
ductive proofs into inductive procedures via the Curry-Howard isomorphism. 
The logical consistency of the calculus follows from the existence of a least fix- 
point, a property which is ensured syntactically in the Calculus of Inductive 
Constructions by restricting oneself to strictly positive types ^9. 

Definition 8 (Positive and negative type positions). Given an algebraic
type $s$, its sets of positive and negative positions are inductively defined as follows:

$$
\begin{array}{ll}
Pos^+(s \in S) = \varepsilon & Pos^-(s \in S) = \emptyset \\
Pos^+(s \to t) = 1 \cdot Pos^-(s) \cup 2 \cdot Pos^+(t) & Pos^-(s \to t) = 1 \cdot Pos^+(s) \cup 2 \cdot Pos^-(t)
\end{array}
$$

Given an algebraic type $t$, we say that $s$ does occur positively in $t$ if $s$ occurs
in $t$, and each occurrence of $s$ in $t$ is at a positive position.
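
The following Python sketch is an added illustration, not part of the original paper: it computes the positive and negative positions of Definition 8 and the resulting "occurs positively" test, applied to argument types built from the sorts nat and ord used in the text. The tuple encoding of arrow types, the function names, and the sample types other than nat → ord are assumptions of this example.

```python
# An algebraic type is either a sort name (str) or an arrow ("->", dom, cod).
# A position is a tuple over {1, 2}; the empty tuple () is the root position.

def arrow(*types):
    """Right-associated arrow type: arrow(a, b, c) encodes a -> (b -> c)."""
    *init, last = types
    for t in reversed(init):
        last = ("->", t, last)
    return last


def positions(ty, sign=+1):
    """Positions of `ty` of the given polarity (+1 positive, -1 negative).

    Follows Definition 8: a sort has the root as its only positive position
    and no negative one; an arrow flips polarity on the left of the arrow
    and keeps it on the right.
    """
    if isinstance(ty, str):
        return {()} if sign > 0 else set()
    _, dom, cod = ty
    return ({(1,) + p for p in positions(dom, -sign)}
            | {(2,) + p for p in positions(cod, sign)})


def subtype_at(ty, pos):
    """Subtype of `ty` at position `pos` (index 1 is the domain, 2 the codomain)."""
    for i in pos:
        ty = ty[i]
    return ty


def sort_occurrences(ty, sort):
    """Positions at which the sort `sort` occurs in `ty`."""
    leaves = positions(ty, +1) | positions(ty, -1)
    return {p for p in leaves if subtype_at(ty, p) == sort}


def occurs_positively(sort, ty):
    """True iff `sort` occurs in `ty` and every occurrence is at a positive position."""
    occ = sort_occurrences(ty, sort)
    return bool(occ) and occ <= positions(ty, +1)


if __name__ == "__main__":
    # nat -> ord is the argument type of lim_ord in the text.
    # The other sample types are constructed for contrast.
    samples = {
        "nat -> ord": arrow("nat", "ord"),
        "ord -> nat": arrow("ord", "nat"),
        "ord -> ord": arrow("ord", "ord"),
        "(ord -> nat) -> nat": arrow(arrow("ord", "nat"), "nat"),
    }
    for name, ty in samples.items():
        print(f"{name:22} Pos+ = {sorted(positions(ty, +1))}  "
              f"Pos- = {sorted(positions(ty, -1))}  "
              f"ord positive: {occurs_positively('ord', ty)}")
```

The last sample shows that an occurrence to the left of two arrows is positive in the sense of Definition 8, so positivity alone is weaker than the strict positivity required of inductive sorts.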
Definition 9 (Inductive sorts). Let s be a sort whose constructors are Ci, . . 
Cn and suppose that Ci has type s\^ . . sl^.^ s. Then we say that: 

(i) s is a basic inductive sort if each s® is s or a basic inductive sort smaller 
than s in <s, 

(ii) s is a strictly positive inductive sort if each s® is either a strictly positive 

inductive sort smaller than s in <s, or of the form s( Sp-*- s where each 

s(. is built from strictly positive inductive sorts smaller than s in < 5 . 

In the following, we will assume that every inductive sort of a user specifica- 
tion is strictly positive. 

The sort $nat$ whose constructors are $0 : nat$ and $s : nat \to nat$ is a basic
sort. The sort $ord$ whose constructors are $0_{ord} : ord$, $s_{ord} : ord \to ord$ and
$lim_{ord} : (nat \to ord) \to ord$ is a strictly positive sort, since $ord >_S nat$.

Definition 10 (Strictly positive recursors). Let s be a strictly positive in- 
ductive sort generated by the constructors C\, . . . ,Cn of respective types s( — > 
...—*■ ^ s. The associated recursor reel 0 / algebraic output type t is a func- 
tion symbol of arity n + 1 , and type s ^ ^ . . . — > ^ t where U = s( ^ . . . — > 

s^. ^ s({si— > t} — > . . .^ > t} — It is defined by the rewrite rules: 

recl{Ci{a),b) — > biad where 

dj = Qj if s is not in s\, otherwise s® = — > . . . ^ Sp ^ s and 

dj = Aa;:s'{s 1 — > t}.recl{aj x, h). 

Via the Curry-Howard isomorphism, a recursor of a sort s corresponds to the 
structural induction principle associated to the set of elements built from the 
constructors of s. Strictly positive types are found in many proof assistants based 
on the Curry-Howard isomorphism, e.g. in Coq Here are a few recursors: 

$$
\begin{array}{ll}
rec^t_{bool}(true, u, v) \to u & rec^t_{nat}(0, u, v) \to u \\
rec^t_{bool}(false, u, v) \to v & rec^t_{nat}(s(n), u, v) \to v\ n\ rec^t_{nat}(n, u, v)
\end{array}
$$

$$
\begin{array}{l}
rec^t_{ord}(0_{ord}, u, v, w) \to u \\
rec^t_{ord}(s_{ord}(n), u, v, w) \to v\ n\ rec^t_{ord}(n, u, v, w) \\
rec^t_{ord}(lim_{ord}(f), u, v, w) \to w\ f\ \lambda n{:}nat.rec^t_{ord}(f\ n, u, v, w)
\end{array}
$$

$rec^t_{bool}$ is $if_t$, and $rec^t_{nat}$ is Gödel's higher-order primitive recursion operator.

2.4 User-Defined Rules 

First, we define the syntax of terms that may be used for rewrite rules: 

Definition 11 (Rule terms). Terms built up solely from constructors, function
symbols and variables of $Var^{\star}$, are called algebraic. Their set is defined by
the following grammar:

$$a := x^{\star} \mid C(a_1, \dots, a_n) \mid f(a_1, \dots, a_n)$$

where $x^{\star}$ ranges over $Var^{\star}$, $C$ over $\mathcal{C}^n$ and $f$ over $\mathcal{F}^n$. An algebraic term is
first-order if its function symbols and constructors are first-order, and higher-order
otherwise. The set of rule terms is defined by the following grammar:

$$a := x^{\star} \mid \lambda x^{\star}{:}s.a \mid (a\ a) \mid C(a_1, \dots, a_n) \mid f(a_1, \dots, a_n)$$

where $x^{\star}$ ranges over $Var^{\star}$, $s$ over $T_S$, $C$ over $\mathcal{C}^n$ and $f$ over $\mathcal{F}^n$. A rule term
is first-order if it is a first-order algebraic term, otherwise it is higher-order.

Definition 12 (Rewrite rules). A rewrite rule is a pair $l \to r$ of rule terms
such that $l$ is headed by a function symbol $f$ which is said to be defined, and
$FV(r) \subseteq FV(l)$. Given a set $R$ of rewrite rules, a term $a$ rewrites to a term $b$
at position $m \in Pos(a)$ with the rule $l \to r \in R$, written $a \to_R b$, if $a|_m = l\theta$
and $b = a[r\theta]_m$ for some substitution $\theta$.

A rewrite rule is first-order if $l$ and $r$ are both first-order, otherwise it is
higher-order. A first-order rewrite rule $l \to r$ is conservative if no (free) variable
has more occurrences in $r$ than in $l$. The rules induce the following quasi-ordering
on function symbols: $f >_{\mathcal{F}} g$ iff $g$ occurs in a defining rule of $f$.

We assume that first-order function symbols are defined only by first-order
rewrite rules. Of course, it is always possible to treat a first-order function symbol
as a higher-order one. Here are examples of rules:

$$
\begin{array}{ll}
if_t(true, u, v) \to u & map_{t,t'}(f, nil_t) \to nil_{t'} \\
if_t(false, u, v) \to v & map_{t,t'}(f, cons_t(x, l)) \to cons_{t'}(f\ x, map_{t,t'}(f, l)) \\
+(x, 0) \to x & ack(0, y) \to s(y) \\
+(x, s(y)) \to s(+(x, y)) & ack(s(x), 0) \to ack(x, s(0)) \\
+(+(x, y), z) \to +(x, +(y, z)) & ack(s(x), s(y)) \to ack(x, ack(s(x), y))
\end{array}
$$

Having rewrite rules in our calculus brings many benefits, in addition to
obtaining proofs in which computational steps are transparent. In particular, it
enhances the declarativeness of the language, as exemplified by Ackermann's
function, for which the definition in Coq Q must use two mutually recursive
functions. For subject reduction, the following properties will be needed:

Definition 13 (Admissible rewrite rules). A rewrite rule $l \to r$, where $l$ is
headed by a function symbol whose output type is $s$, is admissible if and only if
it satisfies the following conditions:

• there exists an algebraic environment $\Gamma_l$ in which $l$ is well-typed,

• for any environment $\Gamma$, $\Gamma \vdash l : s \Rightarrow \Gamma \vdash r : s$.

We assume that rules use distinct variables and note by $\Gamma_R$ the union of the $\Gamma_l$'s.

2.5 Definition of the General Schema 

Let us consider the example of a strictly positive recursor rule, for the sort $ord$:

$$rec^t_{ord}(lim_{ord}(f), u, v, w) \to w\ f\ \lambda n{:}nat.rec^t_{ord}(f\ n, u, v, w)$$

To prove the decreasingness of the recursive call arguments, one would like to
compare $lim_{ord}(f)$ with $f$, and not $lim_{ord}(f)$ with $(f\ n)$. To this end, we introduce
the notion of the critical subterm of an application, and then interpret a
function call by the critical subterms of its arguments. Here, $f$ will be the critical
subterm of $(f\ n)$, hence resulting in the desired comparison.






Definition 14 ($\Gamma,s$-critical subterm). Given an algebraic type $s$ and an
environment $\Gamma$, a term $a$ is a $\Gamma,s$-term if it is typable in $\Gamma$ by an algebraic type in
which $s$ occurs positively. A term $b$ is a $\Gamma,s$-subterm of a term $a$, a b, if $b$
is a subterm of $a$, of which each superterm is a $\Gamma,s$-term. Writing a $\Gamma,s$-term $a$
in its application form $a_1 \dots a_n$, where $a_1$ is not an application, its $\Gamma,s$-critical
subterm $\chi^s_\Gamma(a)$ is the smallest $\Gamma,s$-subterm $a_1 \dots a_k$ (see Figure 2).

For a higher-order function symbol, the arguments that have to be compared
via their critical subterm are said to be at inductive positions. They correspond
to the arguments on which the function is inductively defined. Next, we define
a notion of status that allows users to specify how to compare the arguments
of recursive calls. Roughly speaking, it is a simple combination of multiset and
lexicographic comparisons.

Definition 15 (Status orderings). A status of arity $n$ is a term of the form
$lex(t_1, \dots, t_p)$ where $t_i$ is either $x_j$ for some $j \in [1..n]$, or a term of the form
$mul(x_{k_1}, \dots, x_{k_q})$ such that each variable $x_i$, $1 \leq i \leq n$, occurs at most once. A
position $i$ is lexicographic if there exists $j$ such that $t_j = x_i$. A status term is a
status whose variables are substituted by arbitrary terms of CAC.

Let $stat$ be a status of arity $n$, $I$ be a subset of the lexicographic positions of
$stat$, called inductive positions, $S = \{>_i\}_{i \in I}$ a set of orders on terms indexed by
$I$, and $>$ an order on terms. We define the corresponding status ordering, $>^S_{stat}$,
on sequences of terms as follows:

• $(a_1, \dots, a_n) >^S_{stat} (b_1, \dots, b_n)$ iff $stat\{\vec x \mapsto \vec a\} >^S_{stat} stat\{\vec x \mapsto \vec b\}$,

• $lex(c_1, \dots, c_p) >^S_{lex(t_1, \dots, t_p)} lex(d_1, \dots, d_p)$ iff $(c_1, \dots, c_p)\ (>^S_{t_1}, \dots, >^S_{t_p})_{lex}\ (d_1, \dots, d_p)$,

• $>^S_{x_i}$ is $>_i$ if $i \in I$, otherwise it is $>$,

• $mul(c_1, \dots, c_q) >^S_{mul(x_{k_1}, \dots, x_{k_q})} mul(d_1, \dots, d_q)$ iff $\{c_1, \dots, c_q\} >_{mul} \{d_1, \dots, d_q\}$.

Note that it boils down to the usual lexicographic ordering if $stat = lex(x_1, \dots, x_n)$
or to the multiset ordering if $stat = lex(mul(x_1, \dots, x_n))$. $>^S_{stat}$ is well-founded
if so is $>$ and each $>_i$.

For example, let $>$ and $>_2$ be some orders, $stat = lex(x_2, mul(x_1, x_3))$, $I = \{2\}$,
and $S = \{>_2\}$. Then, $(a_1, a_2, a_3) >^S_{stat} (b_1, b_2, b_3)$ iff $a_2 >_2 b_2$, or else $a_2 = b_2$
and $\{a_1, a_3\} >_{mul} \{b_1, b_3\}$.
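The status ordering of Definition 15 can be executed directly. The following Python sketch is an added example, not code from the paper: the list encoding of a status, the helper names and the use of the plain strict subterm order as the base order are assumptions made for illustration. It evaluates the status used in the example above and then compares the arguments of the recursive calls in the ack rules given earlier under a lexicographic and under a multiset status.

```python
from collections import Counter

def subterms(t):
    """Yield t and all its subterms; a term is a string or a (head, arg, ...) tuple."""
    yield t
    if isinstance(t, tuple):
        for arg in t[1:]:
            yield from subterms(arg)

def subterm_gt(s, t):
    """Strict subterm order, used here as the base order > (an assumption)."""
    return s != t and any(u == t for u in subterms(s))

def mul_gt(xs, ys, gt):
    """Multiset extension of gt: cancel common elements, then every element
    left over in ys must be dominated by some element left over in xs."""
    left, right = Counter(xs), Counter(ys)
    only_left, only_right = left - right, right - left
    if not only_left:
        return False
    return all(any(gt(a, b) for a in only_left) for b in only_right)

def check_status(stat, arity, inductive):
    """Each variable occurs at most once; inductive positions are lexicographic."""
    seen, lexicographic = [], set()
    for t in stat:
        if isinstance(t, int):
            seen.append(t)
            lexicographic.add(t)
        else:
            seen.extend(t[1])
    if len(seen) != len(set(seen)) or any(not 1 <= i <= arity for i in seen):
        raise ValueError("not a status of this arity")
    if not set(inductive) <= lexicographic:
        raise ValueError("inductive positions must be lexicographic positions")

def status_gt(stat, a, b, gt, inductive=None):
    """(a1..an) >^S_stat (b1..bn) for stat = lex(t1..tp).
    stat is a list whose items are j (for x_j) or ("mul", (k1, ..., kq));
    inductive maps each position i in I to its own order >_i."""
    inductive = inductive or {}
    check_status(stat, len(a), inductive)
    for t in stat:
        if isinstance(t, int):
            order = inductive.get(t, gt)      # >_i if i in I, otherwise >
            if order(a[t - 1], b[t - 1]):
                return True
            if a[t - 1] != b[t - 1]:
                return False
        else:
            left = [a[k - 1] for k in t[1]]
            right = [b[k - 1] for k in t[1]]
            if mul_gt(left, right, gt):
                return True
            if Counter(left) != Counter(right):
                return False
    return False

# The status of the example: stat = lex(x2, mul(x1, x3)), I = {2}.
PAGE_STAT = [2, ("mul", (1, 3))]

def int_gt(a, b):          # constructed base order > on integers
    return a > b

def abs_gt(a, b):          # constructed order >_2 for the inductive position
    return abs(a) > abs(b)

# Arguments of each lefthand side and of each recursive call in the ack rules.
SX, SY = ("s", "x"), ("s", "y")
ACK_CALLS = [
    ((SX, "0"), ("x", ("s", "0"))),          # ack(s(x),0) -> ack(x,s(0))
    ((SX, SY), ("x", ("ack", SX, "y"))),     # outer call of the last rule
    ((SX, SY), (SX, "y")),                   # inner call of the last rule
]
LEX_STATUS = [1, 2]
MUL_STATUS = [("mul", (1, 2))]

def calls_decrease(stat):
    """True if every recursive call of ack is smaller than its lefthand side."""
    return all(status_gt(stat, l, r, subterm_gt) for l, r in ACK_CALLS)
```

With the lexicographic status every call decreases, while the multiset status already rejects the call ack(x, s(0)), since s(0) is a subterm of neither s(x) nor 0.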

Definition 16 (Critical interpretation). Given an environment F , the crit- 
ical interpretation function <f>j ^ of a function symbol f G T,.^ ^ is: 

• ■■■Wn) = (</>/_^(oi), . . .,(/)}(^(o„)), 

• ((}^{ai) = aiifi^ Ind{f), 

• ^ Ind{f). 

The critical ordering associated to f is >f,r= ^statfi where S = { )ieind{f)- 

According to Definition the critical ordering is nothing but the usual 
subterm ordering at non-inductive positions, and the critical subterm ordering 
of Definition^Jat inductive positions. 

We are now ready for describing the schema for higher-order rewrite rules.
Given some lefthand side rule, we define a set of acceptable righthand sides,
called computable closure. In the next section, we prove that it preserves strong
normalization.

Fig. 2. Critical subterm

Definition 17 (Accessible subterms). A term $b$ is said to be accessible in
a well-typed term $c$ if it is a subterm of $c$ which is typable by a basic inductive
sort, or if there exists $p \in Pos(c)$ such that $c|_p = b$, and $\forall q < p$, $c|_q$ is headed by
a constructor. $b$ is said to be accessible in $\vec c$ if it is so in some $c \in \vec c$.



Definition 18 (Computable closure). Given an algebraic environment $\Gamma$
containing $\Gamma_R$ and a term $f(\vec c)$ typable in $\Gamma$, the computable closure $CC_{f,\Gamma}(\vec c)$ of
$f(\vec c)$ in $\Gamma$ is defined as the least set of $\Gamma$-terms containing all terms accessible in
$\vec c$, all variables in $dom(\Gamma) \setminus FV(\vec c)$, and closed under the following operations:

(i) constructor application: let $C$ be a constructor of type $s_1 \to \dots \to s_n \to s$;
then $C(\vec u) \in CC_{f,\Gamma}(\vec c)$ iff $u_i : s_i \in CC_{f,\Gamma}(\vec c)$ for all $i \in [1..n]$,

(ii) defined application: let $g$ be such that $g <_{\mathcal F} f$; then $g(\vec u) \in CC_{f,\Gamma}(\vec c)$
iff $u_i : s_i \in CC_{f,\Gamma}(\vec c)$ for all $i \in [1..n]$,

(iii) application: let $u : s \to t \in CC_{f,\Gamma}(\vec c)$ and $v : s \in CC_{f,\Gamma}(\vec c)$; then $(u\ v) \in CC_{f,\Gamma}(\vec c)$,

(iv) abstraction: let $u \in CC_{f,\Gamma}(\vec c)$ and $x : s \in \Gamma$; then $\lambda x{:}s.u \in CC_{f,\Gamma}(\vec c)$,

(v) reduction: let $u \in CC_{f,\Gamma}(\vec c)$, and $v$ be a reduct of $u$ using a $\beta$-rewrite step or
a higher-order rewrite rule for a function symbol $g \leq_{\mathcal F} f$; then $v \in CC_{f,\Gamma}(\vec c)$,

(vi) recursive call: let $\vec c'$ be a vector of $n$ terms in $CC_{f,\Gamma}(\vec c)$ of respective types
$s_1, \dots, s_n$, such that $\phi_{f,\Gamma}(\vec c) = \vec c >_{f,\Gamma} \phi_{f,\Gamma}(\vec c')$; then $f(\vec c') \in CC_{f,\Gamma}(\vec c)$.

A useful finite approximation of this infinite set is given by Coquand’s
notion of structurally smaller Q, where only cases (i), (iii), (v) (one $\beta$-step
only) and (vi) are used, with a multiset status which forbids the use of nested
recursions. Our definition is therefore richer for two independent reasons. Note
further that Coquand restricts himself to the cases for which his ordering is
well-founded, a property that we think is related to the positivity condition.

This can also be compared with the current criterion used in Coq for accepting
function definitions by fixpoint and constructor matching. Functions are
defined by induction on one argument at a time, this argument must be
constructor headed, and recursive calls can be made only with its immediate subterms.
We are now ready for defining the schema:

Definition 19 (General Schema). A set $R$ of rewrite rules satisfies the General
Schema if

(i) its first-order part is conservative and strongly normalizing,

(ii) each higher-order function $f$ is defined by a set of admissible
rewrite rules of the form $f(\vec c) \to e$ such that $e \in CC_{f,\Gamma}(\vec c)$ for some algebraic $\Gamma$
containing $\Gamma_R$ (the environment in which the rules of $R$ are defined).

All pattern-matching definitions given so far satisfy the General Schema, in- 
cluding the first-order ones. We could have imposed that the first-order rules 
also satisfy the General Schema: this would have simplified our definition, but 
at the price of restricting the expressivity for the first-order rules. In our for- 
mulation, the strong normalization property of the first-order rules has to be 
proved beforehand. Tools exist that do the job automatically for many practical 
examples. Note that recursor rules of any strictly positive inductive type satisfy 
the General Schema: 

Lemma 20. The recursor rules for strictly positive inductive sorts satisfy the 
General Schema. 

2.6 CAC Computations 

Definition 21 (Reduction relation). Given a set $R$ of rewrite rules satisfying
the General Schema, including the set Rec of recursor rules of a given user
specification, the CAC rewrite relation is — > = — The CAC reduction
relation is its reflexive and transitive closure denoted by $\to^*$. Its transitive
closure is denoted by $\to^+$. Its reflexive, symmetric and transitive closure is
denoted by $\leftrightarrow^*$. A term is in normal form if it cannot be $\beta$-reduced, Rec-reduced
or $R$-reduced. An expansion is the inverse of a reduction: $a$ expands to $b$ if $b$
reduces to $a$.

Our calculus enjoys the subject reduction property, that is, preservation of 
types under reductions. The proof uses a weak version of confluence, see 

Full confluence is proved after strong normalization, by using Newman’s
Lemma, and by assuming there are no critical pairs between any two
higher-order rules, and between the higher-order rules, the first-order rules and the
$\beta$-reduction rule (by considering that the abstraction is a unary function
symbol, and the application a binary one).

3 Strong-Normalization 

A term is strongly normalizable if any reduction issuing from it terminates. 
Strong-normalization and confluence together imply the logical soundness of the 
system as well as the decidability of type-checking. In this section, we investigate 
only the former. Let SN be the set of strongly normalizable terms. 

To prove the strong normalization property for well-typed terms, we use the
well known proof technique of Girard dubbed “reducibility candidates” Q,
further extended by Coquand and Gallier to the Calculus of Constructions B. Note
that these proofs use well-typed candidates, that is, sets of well-typed terms.
There exist proofs with lighter notations based on untyped candidates but
which do not allow one to reason about the type of the elements of a
reducibility candidate, as it will be necessary to do with our extension of the General
Schema. For a comprehensive survey of the method, see

The strong normalization proof of Coquand and Gallier can easily be tai- 
lored to our need. It suffices to define an adequate interpretation for the in- 
ductive types, and to prove that, if the arguments of a function call belong to 
the interpretation of their type, then the function call itself belongs to the in- 
terpretation of its output type. We recall the definitions that are necessary for 
the understanding of our extension, and refer the reader to Q for a complete 
exposition. 

3.1 Interpretation of Theorems 

Definition 22 (Reducibility candidates). We define the set Neutr of neutral
terms as being the set of terms that are not an abstraction or constructor
headed. Let $T_{\Delta,A} = \{\Delta' \vdash a \mid \Delta' \vdash a : A,\ \Delta' \supseteq \Delta\}$, $SN_{\Delta,A} = \{\Delta' \vdash a \in T_{\Delta,A} \mid a \in SN\}$.

Given a valid environment $\Delta$, the family $C$ of saturated sets $C_{\Delta,A}$ where $A$ is
a $\Delta$-theorem, is defined by the properties listed below.

1. If $A = \Box$, then $C_{\Delta,A}$ is the set

2. If $A$ is a $\Delta$-type or a $\Delta$-kind, then $C_{\Delta,A}$ is the set of non empty sets $S \subseteq SN_{\Delta,A}$
such that the following properties hold:

(S1) $S \supseteq \{\Delta' \vdash x\,\vec a \in T_{\Delta,A} \mid x \in Var$ and $\vec a \in SN\}$.

(S2) For every neutral term $t$ such that $\Delta' \vdash t \in T_{\Delta,A}$, if, for every immediate
reduct $t'$ of $t$, $\Delta' \vdash t' \in S$, then $\Delta' \vdash t \in S$.

(S3) Whenever $\Delta' \vdash t \in S$ and $\Delta' \subseteq \Delta''$, then $\Delta'' \vdash t \in S$.

(S4) Whenever $\Delta' \vdash t \in S$ and $t'$ is a reduct of $t$, then $\Delta' \vdash t' \in S$.

3. If $A$ is a type constructor of type $\Pi x{:}B.C$ in $\Delta$, then $C_{\Delta,A}$ is the set of
functions with the following properties:

(a) If $B$ is a kind, then

• $f \in C_{\Delta,A}$ is a function with domain $\{(\Delta' \vdash T, S) \mid \Delta' \vdash T \in T_{\Delta,B}$ and
$S \in C_{\Delta',T}\}$ such that $f(\Delta' \vdash T, S) \in C_{\Delta',A\,T}$,

• $f(\Delta' \vdash T_1, S_1) = f(\Delta' \vdash T_2, S_2)$ whenever $T_1 \leftrightarrow^* T_2$.

(b) If $B$ is a type, then

• $f \in C_{\Delta,A}$ is a function with domain $T_{\Delta,B}$ such that $f(\Delta' \vdash t) \in C_{\Delta',A\,t}$,

• $f(\Delta' \vdash t_1) = f(\Delta' \vdash t_2)$ whenever $t_1 \leftrightarrow^* t_2$.

Compared to Q, we extended (S2) to neutral terms to take care of functions,
and added (S4) to ensure that reducibility candidates are stable by reduction.
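Definition 23 (Interpretation of algebraic types). Given a valid environment
$\Delta$, we define the interpretation of algebraic types as follows:

• $can_{\Delta,s} = \{\Delta' \vdash a \in SN_{\Delta,s} \mid$ if $a \to^* C(\vec b)$ and $\tau(C) = s_1 \to \dots \to s_n \to s$,
then $\Delta' \vdash b_i \in can_{\Delta,s_i}$ for every $i \in [1..n]\}$,

• $can_{\Delta,s \to t} = \{\Delta' \vdash a \in T_{\Delta,s \to t} \mid \forall \Delta'' \supseteq \Delta',\ \forall \Delta'' \vdash b \in can_{\Delta,s},\ \Delta'' \vdash a\,b \in can_{\Delta,t}\}$.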
Let us justify the definition. Since $>_S$ is assumed to be well-founded, our
hypothesis is that the definition makes sense for every algebraic type built from
sorts strictly smaller than a given sort $s$. Let $P$ be the set of subsets of $SN_{\Delta,s}$
that contains all strongly normalizable terms that do not reduce to a term headed
by a constructor of $s$. $P$ is a complete lattice for set inclusion. Given an element
$X \in P$, we define the following function on algebraic types built from sorts
smaller than s: i?x(s) = X, = cariAx and Rx{s t) = can/^^g^f 

Now, let $F : P \to P$, $X \mapsto X \cup Y$ where $Y = \{a \in SN_{\Delta,s} \mid$ if $a \to^* C(\vec b)$
and $\tau(C) = s_1 \to \dots \to s_n \to s$ then $b_i \in R_X(s_i)$ for every $i \in [1..n]\}$. Since
inductive sorts are assumed to be positive, one can show that $F$ is monotone.
Hence, from Tarski’s Theorem, it has a least fixed point $can_{\Delta,s} \in C_{\Delta,s}$.

Definition 24 (Well-typed substitutions). Given two valid environments $\Delta$
and $\Gamma$, a substitution $\theta$ is a well-typed substitution from $\Gamma$ to $\Delta$ if $dom(\theta) \subseteq
dom(\Gamma)$ and, for every variable $x \in dom(\Gamma)$, $\Delta \vdash x\theta : \Gamma(x)\theta$.

Definition 25 (Candidate assignments). Given two valid environments $\Delta$
and $\Gamma$, and a well-typed substitution $\theta$ from $\Gamma$ to $\Delta$, a candidate assignment
compatible with $\theta$ is a function $\xi$ from $Var^\Box$ to the set of saturated sets such
that, for every variable $\alpha \in dom(\Gamma) \cap Var^\Box$, $\xi(\alpha) \in C_{\Delta,\alpha\theta}$.

Compared to Q where well-typed substitutions and candidate assignments 
are packaged together, we prefer to separate them since the former is introduced 
to deal with abstractions, while the latter is introduced to deal with polymor- 
phism. We are now ready to give the definition of the interpretation of theorems. 

Definition 26 (Interpretation of theorems). Given two valid environments
$\Delta$ and $\Gamma$, a well-typed substitution $\theta$ from $\Gamma$ to $\Delta$, and a candidate assignment
$\xi$ compatible with $\theta$, we define the interpretation of $\Gamma$-theorems as follows:

• |P L 

• |P L = canzi,s, 

• |P h = f{a), 

• |P h Xx:t.TIa, 6,^ = the function which associates \P,x:t\- T\a' , 9 {x^t},^ 
to every A' \- t G Ta,t6, 

• |P h Xa\K' .T\ a,6,^ = the function which associates 
|P, a-.K' h T]zi',e{ai-^T'},e{ai-^S} 

to every{A'l-r,S)G{{A'l-r,S)\A'\-T':K'9, A' A A, SgCa',t'}, 

• IP tjA,8,i = IG h TjA,8,d^ ^ tQ) 

• \P^T T'lA,e,^ = IG h T\A,e.M ^ T'9, [P h TjA.e.x) 

• |P h Plx:T.AlA,e,i = {A' \- a G RA.nx-.Te.Ae \ X!A" A A! , V A!' \- t G 
|P h t\a",6,^, A" h at e |P, x\T h AjA",e{x^t},^}, 

. |P h na:K.AlA,e,i = {A' ^ a G TA,nc-.Ke.Ae \ VZ\" D zi', ^ A" ^ T G 
|P h K\A",e,^, yS G Ca",t, A" \- aT G |P, a:K h 
The last two cases correspond to the “stability by application”. The
well-definedness of this definition is ensured by the following lemma.

Lemma 27 (Interpretation correctness). Assume that $\Delta$ and $\Gamma$ are two
valid environments, $\theta$ is a well-typed substitution from $\Gamma$ to $\Delta$, and $\xi$ is a
candidate assignment compatible with $\theta$. Then, for every $\Gamma$-theorem $A$,
$[\![\Gamma \vdash A]\!]_{\Delta,\theta,\xi} \in C_{\Delta,A\theta}$.

We are now able to state the main lemma for the strong normalization theorem. 

Definition 28 (Reducible substitutions). Given two valid environments $\Delta$
and $\Gamma$, a well-typed substitution $\theta$ from $\Gamma$ to $\Delta$, and a candidate assignment $\xi$
compatible with $\theta$, $\theta$ is said to be valid with respect to $\xi$ if, for every variable
$x \in dom(\Gamma)$, $\Delta \vdash x\theta \in [\![\Gamma \vdash \Gamma(x)]\!]_{\Delta,\theta,\xi}$.

Lemma 29 (Main lemma). Assume that F \- a:b, A is a valid environment, 
9 is a well-typed substitution from F to A, and f is a candidate assignment 
compatible with 9. If 9 is valid with respect to then A\- a9 € |T h 

Proof. As in Q, by induction on the structure of the derivation. We give only
the additional cases. The case (cons) is straightforward. The case (fun) is proved
by Theorem 33 to come for the case of higher-order function symbols, and by
for the case of first-order function symbols. □

Theorem 30 (Strong normalization). Assume that the higher-order rules 
satisfy the General Schema. Then, any well-typed term is strongly normalizable. 

Proof. Application of the Main Lemma, see ^ for details. 

3.2 Reducibility of Higher-Order Function Symbols 

One can see that the critical interpretation is not compatible with the reduction 
relation, and not stable by substitution either. We solve this problem by using yet 
another interpretation function for terms enjoying both properties and relating 
to the previous one as follows: 

Definition 31 (Admissible recursive call interpretation). A recursive call 
interpretation for a function symbol f is given by: 

(i) a function ^ operating on arguments of f, for each environment F, 

(ii) a status ordering $>^S_{stat_f}$ where $S$ is a set of orders indexed by $Ind(f)$.

A recursive call interpretation is admissible if it satisfies the following properties: 
(Stability) Assume that f{c') G CC/,^(c), hence 4>f ^{c) = c (fij, ^{c'), A 
is a valid environment, and 9 is a well-typed substitution from F to A such that 
c9 are strongly normalizable terms. Then, ^{c9) >%atf 

(Compatibility) Assume that s is the output type of f, a and a' are two 
sequences of strongly normalizable terms such that A h /(a) : s and a — fa'. 
Then, 
The definition of the actual interpretation function, which is intricate, can
be found in the full version of the paper. Before proving the reducibility of
higher-order function symbols, we need the following result.

Lemma 32 (Compatibility of accessibility with reducibility).
If $\Delta \vdash a \in can_{\Delta,A}$ and $b \in T_{\Delta,B}$ is accessible in $a$, then $\Delta \vdash b \in can_{\Delta,B}$.

Theorem 33 (Reducibility of higher-order function symbols).
Assume that the higher-order rules satisfy the General Schema. Then, for every
higher-order function symbol $f$, $\Delta \vdash f(\vec a) \in can_{\Delta,s}$ provided that
$\Delta \vdash f(\vec a) : s$ and $\Delta \vdash a_i \in can_{\Delta,s_i}$ for every $i \in [1..n]$.

Proof. The proof uses three levels of induction: on the function symbols ordered
by $>_{\mathcal F}$, on the sequence of terms to which $f$ is applied, and on the righthand side
structure of the rules defining $f$. By induction hypothesis (1), any $g$ occurring
in the rules defining $f$ satisfies the lemma.

We proceed to prove that $\Delta \vdash f(\vec a) \in can_{\Delta,s}$ by induction (2) on (<?y ^(a), a)
with (>Lt^, ( — ?)jg^ ) as well-founded order. Since $b = f(\vec a)$ is a neutral
term, by definition of reducibility candidates, it suffices to prove that every
reduct $b'$ of $b$ belongs to $can_{\Delta,s}$.

If $b$ is not reduced at its root then one $a_i$ is reduced. Thus, $b' = f(\vec a')$ such that
$\vec a \to \vec a'$. As reducibility candidates are stable by reduction, $\Delta \vdash a'_i \in can_{\Delta,s_i}$,
hence the induction hypothesis (2) applies since the interpretation is compatible
with reductions.

If $b$ is reduced at its root then $\vec a = \vec c\theta$ and $b' = e\theta$ for some terms $\vec c$, $e$
and substitution $\theta$ such that $f(\vec c) \to e$ is the applied rule. $\theta$ is a well-typed
substitution from $\Gamma_R$ to $\Delta$, and $\xi$ is compatible with $\theta$ since $dom(\Gamma_R) \cap Var^\Box = \emptyset$.
We now show that $\theta$ is compatible with $\xi$. Let $x$ be a free variable of $e$ of type
$t$. By definition of the General Schema, $x$ is an accessible subterm of $\vec c$. Hence,
by Lemma 32, $\Delta \vdash x\theta \in can_{\Delta,t}$ since, for every $i \in [1..n]$, $\Delta \vdash c_i\theta \in can_{\Delta,s_i}$.
Given an algebraic environment $\Gamma$ containing $\Gamma_R$, let us show by induction (3)
on the structure of $e \in CC_{f,\Gamma}(\vec c)$ that, for any well-typed substitution $\theta$ from $\Gamma$
to $\Delta$ compatible with $\xi$, $e\theta \in can_{\Delta,t}$, provided that $c_i\theta \in can_{\Delta,s_i}$ for every
$i \in [1..n]$.

Base case: either $e$ is accessible in $c_i$, or $e$ is a variable of $dom(\Gamma) \setminus FV(\vec c)$. In
the first case, this results from Lemma 32, and in the second case, this results
from the fact that $\theta$ is compatible with $\xi$. Now, let us go through the different
closure operations of the definition of $CC_{f,\Gamma}()$.

(i) construction: $e = C(e_1, \dots, e_p)$ and $\tau(C) = t_1 \to \dots \to t_p \to t$. $e\theta \in can_{\Delta,t}$
since, by induction hypothesis (3), $e_i\theta \in can_{\Delta,t_i}$.

(ii) defined application: $e = g(e_1, \dots, e_p)$ with $\tau(g) = t_1 \to \dots \to t_p \to t$ and
$g <_{\mathcal F} f$. By induction hypothesis (3), $e_i\theta \in can_{\Delta,t_i}$. Hence, $e\theta \in can_{\Delta,t}$,
by Q for first-order function symbols, or by induction hypothesis (1) for
higher-order ones, since $g <_{\mathcal F} f$.

(iii) application: $e = u\ v$. $e\theta \in can_{\Delta,t}$ since, by induction hypothesis (3), $u\theta \in
can_{\Delta,t' \to t}$ and $v\theta \in can_{\Delta,t'}$.

(iv) abstraction: $e = \lambda x{:}t_1.u$ and $t = t_1 \to t_2$ such that $\Gamma, x{:}t_1 \vdash u : t_2$. Let
$v \in can_{\Delta,t_1}$. By induction hypothesis (3), $u\theta\{x \mapsto v\} \in can_{\Delta,x:t_1,\,t_2}$. Hence,
$(\lambda x{:}t_1.u\theta)v \in can_{\Delta,x:t_1,\,t_2}$ and $e\theta \in can_{\Delta,t}$.

(v) reduction: $e$ is a reduct of a term $u \in CC_{f,\Gamma}(\vec c)$. Since $\Gamma \vdash u : t$, by
induction hypothesis (3), $u\theta \in can_{\Delta,t}$. Since reducibility candidates are stable by
reduction, $e\theta \in can_{\Delta,t}$.

(vi) admissible recursive call: $e = f(\vec c')$ and $\phi_{f,\Gamma}(\vec c) = \vec c >_{f,\Gamma} \phi_{f,\Gamma}(\vec c')$. The
induction hypothesis (1) applies since the interpretation is stable. □

This achieves the proof of the strong normalization property. 

4 Conclusion and future work 

We have defined an extension of the Calculus of Constructions by higher-order
rewrite rules defining uncurried function symbols via the so-called General
Schema Q, which will allow a smooth integration in proof assistants like Coq
of function definitions by pattern-matching on the one hand, and decision
procedures on the other hand. This result extends previous work by Barbanera et
al. by allowing for non-dependent and non-polymorphic inductive types. In
our strong normalization proof based on Girard’s reducibility candidates, we
have indeed used a powerful generalization of the General Schema, of which
the recursors for strictly positive inductive types are an instance, which is an
important step of its own.

Several problems need to be solved to achieve our program, that is to extend
the Coq proof assistant Q with rewriting facilities. Firstly, to generalize our
results to arbitrary positive inductive types, for which the type being defined may
occur at any positive position of the argument types of its constructors. Secondly,
to extend the results to dependent and polymorphic inductive types as defined
by Coquand and Paulin in Q. This is indeed the same problem, of defining
and proving a generalization of the schema. Thirdly, to allow rewriting at the
type level, enabling one to define types by induction. The corresponding recursor
rules are called strong elimination. We already have preliminary results in
the latter two directions. Lastly, to accommodate the $\eta$-rule. By following Q,
we plan to try the use of the $\eta$-rule as an expansion, instead of as a reduction.
In this context, it would also be interesting to see to which extent the works by
Nipkow and Klop on higher-order rewriting systems could be integrated
in our framework. Fourthly, following ^^so want to introduce modules in 

our calculus to be able to develop libraries of reusable parameterized proofs. 
Abstract. We propose a first-order presentation of higher-order logic
based on explicit substitutions. It is intentionally equivalent to the usual
presentation of higher-order logic based on λ-calculus, i.e. a proposition
can be proved without the extensionality axioms in one theory if and
only if it can in the other. The Extended Narrowing and Resolution
first-order proof-search method can be applied to this theory. This allows
to simulate higher-order resolution step by step and furthermore leaves
room for further optimizations and extensions.



Introduction 

Higher-order logic is a formalism that allows a natural expression of program
specifications and of mathematics. It is used in many theorem provers — either
automatic or tactic driven — such as HOL, Isabelle, PVS, λ-Prolog, TPS, etc.
Higher-order logic can be expressed in many different ways using combinators,
λ-calculus, etc. Some of these formulations present higher-order logic as a
first-order theory, others do not. Expressing higher-order logic as a first-order
theory permits the use of standard first-order proof-search methods. Extensions, for
example integrating algebraic axioms, are easier to study and handle in this
simple framework.

There are several ways to encode higher-order logic as a first-order theory
and several proof search methods for each encoding, which are more or less
efficient with respect to the standard higher-order resolution. For instance the
encoding of higher-order logic using combinators is not intentionally equivalent
to the standard presentation using λ-calculus, because some proofs require the
extensionality axioms in this presentation, but not in the standard one. This
leads to inefficiencies.

In this paper we give a first-order presentation of higher-order logic called
HOL-λσ using the so-called calculus of explicit substitutions. We
show that this presentation is intentionally equivalent to the usual presentation
of higher-order logic based on λ-calculus, i.e. the theories are still equivalent
when we drop the extensionality axioms in both cases. A rather surprising side
effect of this presentation of higher-order logic is that it provides a clarification
of the intricate skolemization rule of higher-order logic.

P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 317-^^^ 1999.

On the proof search side, we show that this theory can be mechanized with the
Extended Narrowing and Resolution (ENAR) method introduced in
We retrieve higher-order resolution as a particular case as it can be simulated
step by step by the ENAR method applied to HOL-λσ. But ENAR permits more
optimizations as it permits for instance to delay application of substitutions. It
also keeps the simplicity of first-order frameworks and can easily be extended,
for instance with equational axioms. A first step in this direction can be found
in ^^^ 9 .

The ENAR proof search method relies upon a presentation of first-order logic
called deduction modulo that allows to build-in a congruence identifying terms
and also propositions. This leads to shorter and more direct proofs by making
congruent propositions equivalent instead of requiring explicit proof arguments.
Hence, we shall express HOL-λσ in deduction modulo.

In order to remain self contained, we recall the principal ideas of deduction
modulo in section 1. Then, we recall in section 2 the usual presentation of
higher-order logic based on λ-calculus (HOL-λ) and in section 3 its first-order
presentation based on Curry combinators. Section 4 introduces HOL-λσ, establishes its
main properties (termination, confluence, consistency and cut elimination) and
presents the equivalence theorem between HOL-λ and HOL-λσ which rests upon
cut elimination. In section 5 we show that the rather intricate Skolem theorem
for higher-order logic can be deduced from the first-order one. At last section 6
presents briefly the ENAR proof search method (whose completeness rests upon
cut elimination) and its application to HOL-λσ.



1 Deduction Modulo 



In this paper we shall use a presentation of first-order logic, called deduction
modulo, that permits to identify propositions modulo a congruence.

In deduction modulo, the notions of language, term and proposition are that
of (many sorted) first-order logic. We consider theories to be formed with a
set of axioms $\Gamma$ and a congruence, denoted $\equiv$, defined on propositions. As a
consequence, the deduction rules must take into account this equivalence. For
instance, the modus ponens cannot be stated as usual

$$\frac{A \Rightarrow B \quad A}{B}$$

but, as the two occurrences of $A$ need not be identical, but need only to be
congruent, it is stated as

$$\frac{A' \Rightarrow B \quad A}{B}\ \text{if } A \equiv A'$$

In fact, as the congruence may identify implications with other propositions, a
slightly more general formulation is needed

$$\frac{C \quad A}{B}\ \text{if } C \equiv A \Rightarrow B$$
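All the rules of natural deduction or sequent calculus may be stated in a similar
way. Figure 1 gives a formulation of sequent calculus modulo.

$$\begin{array}{ll}
\dfrac{}{P \vdash Q}\ \text{axiom if } P \equiv Q
& \dfrac{\Gamma, P \vdash \Delta \quad \Gamma \vdash Q, \Delta}{\Gamma \vdash \Delta}\ \text{cut if } P \equiv Q \\[2ex]
\dfrac{\Gamma, Q_1, Q_2 \vdash \Delta}{\Gamma, P \vdash \Delta}\ \text{contr-l if } P \equiv Q_1 \equiv Q_2
& \dfrac{\Gamma \vdash Q_1, Q_2, \Delta}{\Gamma \vdash P, \Delta}\ \text{contr-r if } P \equiv Q_1 \equiv Q_2 \\[2ex]
\dfrac{\Gamma \vdash \Delta}{\Gamma, P \vdash \Delta}\ \text{weak-l}
& \dfrac{\Gamma \vdash \Delta}{\Gamma \vdash P, \Delta}\ \text{weak-r} \\[2ex]
\dfrac{\Gamma \vdash P, \Delta \quad \Gamma, Q \vdash \Delta}{\Gamma, R \vdash \Delta}\ \Rightarrow\text{-l if } R \equiv (P \Rightarrow Q)
& \dfrac{\Gamma, P \vdash Q, \Delta}{\Gamma \vdash R, \Delta}\ \Rightarrow\text{-r if } R \equiv (P \Rightarrow Q) \\[2ex]
\dfrac{\Gamma, P, Q \vdash \Delta}{\Gamma, R \vdash \Delta}\ \wedge\text{-l if } R \equiv (P \wedge Q)
& \dfrac{\Gamma \vdash P, \Delta \quad \Gamma \vdash Q, \Delta}{\Gamma \vdash R, \Delta}\ \wedge\text{-r if } R \equiv (P \wedge Q) \\[2ex]
\dfrac{\Gamma, P \vdash \Delta \quad \Gamma, Q \vdash \Delta}{\Gamma, R \vdash \Delta}\ \vee\text{-l if } R \equiv (P \vee Q)
& \dfrac{\Gamma \vdash P, Q, \Delta}{\Gamma \vdash R, \Delta}\ \vee\text{-r if } R \equiv (P \vee Q) \\[2ex]
\dfrac{\Gamma \vdash P, \Delta}{\Gamma, R \vdash \Delta}\ \neg\text{-l if } R \equiv \neg P
& \dfrac{\Gamma, P \vdash \Delta}{\Gamma \vdash R, \Delta}\ \neg\text{-r if } R \equiv \neg P \\[2ex]
\dfrac{}{\Gamma, P \vdash \Delta}\ \bot\text{-l if } P \equiv \bot & \\[2ex]
\dfrac{\Gamma, P\{x \mapsto t\} \vdash \Delta}{\Gamma, Q \vdash \Delta}\ (x, P, t)\ \forall\text{-l if } Q \equiv \forall x\ P
& \dfrac{\Gamma \vdash P\{x \mapsto y\}, \Delta}{\Gamma \vdash Q, \Delta}\ (x, P, y)\ \forall\text{-r if } Q \equiv \forall x\ P \\[2ex]
\dfrac{\Gamma, P\{x \mapsto y\} \vdash \Delta}{\Gamma, Q \vdash \Delta}\ (x, P, y)\ \exists\text{-l if } Q \equiv \exists x\ P
& \dfrac{\Gamma \vdash P\{x \mapsto t\}, \Delta}{\Gamma \vdash Q, \Delta}\ (x, P, t)\ \exists\text{-r if } Q \equiv \exists x\ P
\end{array}$$

where the rules $\forall$-r and $\exists$-l assume that $y \notin FV(\Gamma\ \Delta)$

Fig. 1. The sequent calculus modulo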



As an example, the proposition $\exists x\ 2 \times x = 4$ is rather cumbersome to prove in
sequent calculus with the axioms of arithmetic. Indeed to prove the proposition
$2 \times 2 = 4$ we have to say that $2 \times 2 = 1 \times 2 + 2$, $1 \times 2 + 2 = 0 \times 2 + 2 + 2$, ...
and thus to use the axioms of arithmetic and equality many and many times.

In contrast, in sequent calculus modulo, we have the following proof

$$\dfrac{\dfrac{\dfrac{}{4 = 4 \vdash 2 \times 2 = 4}\ \text{axiom}}{\forall x\ x = x \vdash 2 \times 2 = 4}\ (x, x = x, 4)\ \forall\text{-l}}{\forall x\ x = x \vdash \exists x\ 2 \times x = 4}\ (x, 2 \times x = 4, 2)\ \exists\text{-r}$$

Substituting the variable $x$ by the term $2$ in the proposition $2 \times x = 4$ yields the
proposition $2 \times 2 = 4$, that is congruent to $4 = 4$. The transformation of one
proposition into the other, that requires several proof steps in sequent calculus,
is dropped from the proof in deduction modulo. It is a mere computation that
need not be written, because everybody can re-do it by him/herself.

In this case, the congruence can be defined by a rewrite system defined on
terms:

$$0 + y \to y, \quad S(x) + y \to S(x + y), \quad 0 \times y \to 0, \quad S(x) \times y \to x \times y + y$$

Notice that, in the proof above, we do not need the axioms of addition and
multiplication. Indeed, these axioms are now redundant: since the terms $0 + y$
and $y$ are congruent, the axiom $\forall y\ 0 + y = y$ is congruent to the equality axiom
$\forall y\ y = y$. Hence, it can be dropped. In other words, these equivalences on terms
have been built-in.
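The computation that deduction modulo leaves out of the proof can be replayed mechanically. The Python sketch below is an added example, not code from the paper: the tuple encoding of terms and propositions, the function names and the decision to compare normal forms syntactically (bound variable names are not renamed, and substitution is only applied to closed terms) are assumptions. It normalizes with the four rewrite rules above, decides the congruence by comparing normal forms, and checks the three-step sequent proof of $\exists x\ 2 \times x = 4$.

```python
ZERO = ("0",)

def S(t):
    return ("S", t)

def num(n):
    """Peano numeral S(...S(0)...) for a Python int."""
    t = ZERO
    for _ in range(n):
        t = S(t)
    return t

def rewrite_root(t):
    """Apply one of the four rules at the root of t, or return None."""
    if t[0] not in ("+", "*"):
        return None
    op, a, b = t
    succ = isinstance(a, tuple) and a[0] == "S"
    if op == "+" and a == ZERO:
        return b                              # 0 + y -> y
    if op == "+" and succ:
        return S(("+", a[1], b))              # S(x) + y -> S(x + y)
    if op == "*" and a == ZERO:
        return ZERO                           # 0 * y -> 0
    if op == "*" and succ:
        return ("+", ("*", a[1], b), b)       # S(x) * y -> x * y + y
    return None

def normalize(t, trace=None):
    """Innermost normalization of a term or proposition.
    Variables are strings; every redex contracted is appended to trace."""
    if isinstance(t, str):
        return t
    t = (t[0],) + tuple(normalize(a, trace) for a in t[1:])
    reduct = rewrite_root(t)
    if reduct is None:
        return t
    if trace is not None:
        trace.append(t)
    return normalize(reduct, trace)

def count_steps(t):
    """Number of rewrite steps hidden inside the congruence for t."""
    trace = []
    normalize(t, trace)
    return len(trace)

def congruent(p, q):
    """P and Q are congruent iff they have the same normal form."""
    return normalize(p) == normalize(q)

def subst(t, x, u):
    """t{x -> u} for a closed term u; stops where x is bound again."""
    if isinstance(t, str):
        return u if t == x else t
    if t[0] in ("forall", "exists") and t[1] == x:
        return t
    return (t[0],) + tuple(subst(a, x, u) for a in t[1:])

def instance(q, quantifier, x, p, t):
    """Premise P{x -> t} of a quantifier rule annotated (x, P, t),
    or None when the side condition Q congruent to (quantifier x P) fails."""
    if not congruent(q, (quantifier, x, p)):
        return None
    return subst(p, x, t)

def check_page_proof():
    """Replay the proof: exists-r, then forall-l, then axiom modulo."""
    two, four = num(2), num(4)
    body = ("=", ("*", two, "x"), four)
    right = instance(("exists", "x", body), "exists", "x", body, two)
    refl = ("=", "x", "x")
    left = instance(("forall", "x", refl), "forall", "x", refl, four)
    # axiom: 4 = 4 |- 2 * 2 = 4 holds because both sides are congruent
    return left is not None and right is not None and congruent(left, right)
```

Seven rewrite steps separate $2 \times 2$ from its normal form; none of them appears in the sequent proof.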

But in many situations, it is also natural to define a congruence at the
proposition level. For instance, we may add to the previous system the rule of integral
rings

$$x \times y = 0 \to x = 0 \vee y = 0$$

that rewrites an atomic proposition to a disjunction. The main originality of
deduction modulo is that it allows such a congruence to be defined directly on
propositions with rules rewriting atomic propositions to arbitrary ones.

In this paper, all congruences will be defined by confluent rewrite systems.
As these rewrite systems are defined on propositions and propositions
contain binders, these rewrite systems are in fact Combinatory Reduction Systems

Notice that deduction modulo is not a proper extension of first-order logic.
It is proved in that for every congruence $\equiv$, we can find a theory $\mathcal T$
such that $\Gamma \vdash P$ is provable modulo $\equiv$ if and only if $\mathcal T\,\Gamma \vdash P$ is provable in
ordinary first-order logic. Of course, the provable propositions are the same, but
the proofs are very different, indeed much shorter in deduction modulo.



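2 HOL-λ

We recall very quickly the usual presentation of higher-order logic
Terms are those of a simply typed λ-calculus with two base types $\iota$ and $o$ and
the following constants $\dot\Rightarrow$, $\dot\wedge$ and $\dot\vee$, of type $o \to o \to o$, $\dot\neg$ of type $o \to o$, $\dot\bot$ of
type $o$, $\dot\forall_T$ and $\dot\exists_T$ of type $(T \to o) \to o$ (we use a notation with a dot for the
constants to distinguish them from the connectors and quantifiers of first-order
logic). Propositions are terms of type $o$. The unique $\beta\eta$-normal form of a term
$a$ is written $a{\downarrow}$. The deduction rules are given in figure 2, where all propositions
are supposed to be normal.

An alternative presentation does not normalize the propositions after the
quantifier rules but takes $\beta$ and $\eta$ as axioms.

This system is well-known to be consistent and to enjoy cut elimination

$$\begin{array}{ll}
\dfrac{}{P \vdash P}\ \text{axiom}
& \dfrac{\Gamma, P \vdash \Delta \quad \Gamma \vdash P, \Delta}{\Gamma \vdash \Delta}\ \text{cut} \\[2ex]
\dfrac{\Gamma, P, P \vdash \Delta}{\Gamma, P \vdash \Delta}\ \text{contr-l}
& \dfrac{\Gamma \vdash P, P, \Delta}{\Gamma \vdash P, \Delta}\ \text{contr-r} \\[2ex]
\dfrac{\Gamma \vdash \Delta}{\Gamma, P \vdash \Delta}\ \text{weak-l}
& \dfrac{\Gamma \vdash \Delta}{\Gamma \vdash P, \Delta}\ \text{weak-r} \\[2ex]
\dfrac{\Gamma \vdash P, \Delta \quad \Gamma, Q \vdash \Delta}{\Gamma, (\dot\Rightarrow\ P\ Q) \vdash \Delta}\ \dot\Rightarrow\text{-l}
& \dfrac{\Gamma, P \vdash Q, \Delta}{\Gamma \vdash (\dot\Rightarrow\ P\ Q), \Delta}\ \dot\Rightarrow\text{-r} \\[2ex]
\dfrac{\Gamma, P, Q \vdash \Delta}{\Gamma, (\dot\wedge\ P\ Q) \vdash \Delta}\ \dot\wedge\text{-l}
& \dfrac{\Gamma \vdash P, \Delta \quad \Gamma \vdash Q, \Delta}{\Gamma \vdash (\dot\wedge\ P\ Q), \Delta}\ \dot\wedge\text{-r} \\[2ex]
\dfrac{\Gamma, P \vdash \Delta \quad \Gamma, Q \vdash \Delta}{\Gamma, (\dot\vee\ P\ Q) \vdash \Delta}\ \dot\vee\text{-l}
& \dfrac{\Gamma \vdash P, Q, \Delta}{\Gamma \vdash (\dot\vee\ P\ Q), \Delta}\ \dot\vee\text{-r} \\[2ex]
\dfrac{\Gamma \vdash P, \Delta}{\Gamma, (\dot\neg\ P) \vdash \Delta}\ \dot\neg\text{-l}
& \dfrac{\Gamma, P \vdash \Delta}{\Gamma \vdash (\dot\neg\ P), \Delta}\ \dot\neg\text{-r} \\[2ex]
\dfrac{}{\Gamma, \dot\bot \vdash \Delta}\ \dot\bot\text{-l} & \\[2ex]
\dfrac{\Gamma, (P\ t){\downarrow} \vdash \Delta}{\Gamma, (\dot\forall\ P) \vdash \Delta}\ \dot\forall\text{-l}
& \dfrac{\Gamma \vdash (P\ y){\downarrow}, \Delta}{\Gamma \vdash (\dot\forall\ P), \Delta}\ \dot\forall\text{-r} \\[2ex]
\dfrac{\Gamma, (P\ y){\downarrow} \vdash \Delta}{\Gamma, (\dot\exists\ P) \vdash \Delta}\ \dot\exists\text{-l}
& \dfrac{\Gamma \vdash (P\ t){\downarrow}, \Delta}{\Gamma \vdash (\dot\exists\ P), \Delta}\ \dot\exists\text{-r}
\end{array}$$

where the rules $\dot\forall$-r and $\dot\exists$-l assume that $y \notin FV(\Gamma\ \Delta)$

Fig. 2. HOL-λ: The deduction rules of HOL-λ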



3 HOL-C 

Higher-order logic can be expressed as a many-sorted first-order theory whose
sorts are all simple types. In such a presentation, when $t$ is a term of type $T \to U$






G. Dowek, T. Hardin, C. Kirchner 



and $u$ a term of type $T$ we cannot write the application of the term $t$ to the term
$u$ as $(t\ u)$, but we need to introduce a function symbol $\alpha_{T,U}$ and write this term
$\alpha_{T,U}(t, u)$. The rank of the function symbol $\alpha_{T,U}$ is $(T \to U, T)U$. Of course we
shall continue to write $(t\ u)$ for the term $\alpha_{T,U}(t, u)$.

To express function terms and predicate terms, instead of using λ-calculus,
we introduce for each applicative term $t$ whose variables are among $x_1, \dots, x_n$
a constant symbol written $x_1, \dots, x_n \mapsto t$ and an axiom

$$((x_1, \dots, x_n \mapsto t)\ x_1 \dots x_n) = t$$

Such constant symbols are called combinators.

At last, we introduce a predicate symbol $\varepsilon$ of rank $(o)$ that transforms a term
$t$ of type $o$ into the proposition $\varepsilon(t)$. We add axioms that relate the connectors
and quantifiers (e.g. $\wedge$) and their replication as constant symbols (e.g. $\dot\wedge$), for
instance:

$$\varepsilon(\dot\wedge\ x\ y) \Leftrightarrow (\varepsilon(x) \wedge \varepsilon(y))$$

Thus, the language contains: 

— for each applicative term $t$ of type $U$ whose variables are among $x_1, \dots, x_n$
of type $T_1, \dots, T_n$, a constant symbol $x_1, \dots, x_n \mapsto t$ of type
$T_1 \to \dots \to T_n \to U$,

— constant symbols $\dot\Rightarrow$, $\dot\wedge$ and $\dot\vee$ of sort $o \to o \to o$, $\dot\neg$ of type $o \to o$, $\dot\bot$ of type
$o$, for each type $T$ constant symbols $\dot\forall_T$ and $\dot\exists_T$ of type $(T \to o) \to o$,

— for each pair of types $(T, U)$, a binary function symbol $\alpha_{T,U}$ of rank
$(T \to U, T)U$,

— a unary predicate symbol $\varepsilon$ of rank $(o)$.

The axioms are: 



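$$\begin{array}{rcl}
\varepsilon(((x_1, \dots, x_n \mapsto t)\ x_1 \dots x_n) = t) & & \\
\varepsilon(\dot\Rightarrow\ x\ y) & \Leftrightarrow & (\varepsilon(x) \Rightarrow \varepsilon(y)) \\
\varepsilon(\dot\wedge\ x\ y) & \Leftrightarrow & (\varepsilon(x) \wedge \varepsilon(y)) \\
\varepsilon(\dot\vee\ x\ y) & \Leftrightarrow & (\varepsilon(x) \vee \varepsilon(y)) \\
\varepsilon(\dot\neg\ x) & \Leftrightarrow & \neg\varepsilon(x) \\
\varepsilon(\dot\bot) & \Leftrightarrow & \bot \\
\varepsilon(\dot\forall\ x) & \Leftrightarrow & \forall y\ \varepsilon(x\ y) \\
\varepsilon(\dot\exists\ x) & \Leftrightarrow & \exists y\ \varepsilon(x\ y)
\end{array}$$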

These axioms can be dropped if we work modulo the congruence defined by 
the rewrite system formed with the rule 

$$((x_1, \dots, x_n \mapsto t)\ x_1 \dots x_n) \to t$$

and those of figure H 
Translation from λ-terms to combinators is usually called λ-lifting. This
translation can be modified in order to use only the combinators $S = x, y, z \mapsto
((x\ z)\ (y\ z))$ and $K = x, y \mapsto x$. As well known, this translation does not
preserve the term structure.

This presentation of higher-order logic can be shown to be equivalent to the 
presentation with A-calculus if we take the extensionality axioms 

$$\forall f\ \forall g\ ((\forall x\ \varepsilon((f\ x) = (g\ x))) \Rightarrow \varepsilon(f = g))$$

Vx Vy (e(x^y) e(x = z/)J 

in both cases, i.e. a proposition $P$ is provable in the presentation of higher-order
logic with λ-calculus if and only if the proposition $\varepsilon(P')$ is provable in the first-
order theory above. But, if we drop the extensionality axioms, then the two
presentations are not equivalent anymore. For instance, the proposition

$$((\lambda x\ \lambda y\ x)\ (u\ v)) = \lambda y\ (u\ v)$$

is provable in presentation with λ-calculus while its translation

$$((f, x \mapsto (f\ x))\ (x, y \mapsto x)\ (u\ v)) = ((u, v, y \mapsto (u\ v))\ u\ v)$$

requires extensionality. Even when the extensionality axioms are taken, the for-
mulations with λ-calculus and combinators are only weakly equivalent: provable
propositions are the same, but the proofs are very different, some proofs requiring
only βη-conversion when expressed with λ-calculus and the use of extensionality
when expressed with combinators. This leads to inefficiencies when searching for
proofs.

4 HOL-λσ

We present in this section another first-order formulation of higher-order logic. 
It is not based on combinators as previously, but on de Bruijn indices and ex- 
plicit substitutions. It allows to avoid the previously mentioned drawbacks of 
combinators. 



4.1 The Theory 

In λ-calculus with de Bruijn indices, bound variables are replaced by an index
indicating the binding height of this variable, i.e. the number of λ's between
this occurrence and its binder. For instance the term $\lambda x\ (x\ (\lambda y\ x))$ is written
$\lambda(1\ (\lambda 2))$. This notation is also a first-order language with a binary function
symbol $\alpha$, a unary function symbol $\lambda$ and constant symbols 1, 2, 3, .... Simple
sorts are not sufficient anymore with de Bruijn indices. Indeed, we need to give
a sort not only to terms like $(\lambda_A\ 1)$ (that gets the sort $A \to A$), but also to
terms of the form 1. Thus, as detailed in we have to consider sorts of
the form $\Gamma \vdash T$ where $T$ is a simple type and $\Gamma$ a context, i.e. a list of simple
types.

β-reduction and η-reduction:

$$\begin{array}{rcl}
(\lambda a)b & \to & a[b.id] \\
\lambda(a\ 1) & \to & b \quad \text{if } a =_\sigma b[\uparrow]
\end{array}$$

σ-reduction:

$$\begin{array}{rcl}
(a\ b)[s] & \to & (a[s]\ b[s]) \\
1[a.s] & \to & a \\
a[id] & \to & a \\
(\lambda a)[s] & \to & \lambda(a[1.(s \circ \uparrow)]) \\
(a[s])[t] & \to & a[s \circ t] \\
id \circ s & \to & s \\
\uparrow \circ\ (a.s) & \to & s \\
(s_1 \circ s_2) \circ s_3 & \to & s_1 \circ (s_2 \circ s_3) \\
(a.s) \circ t & \to & a[t].(s \circ t) \\
s \circ id & \to & s \\
1.\uparrow & \to & id \\
1[s].(\uparrow \circ\ s) & \to & s
\end{array}$$

Fig. 3. The rewrite rules of λσ-calculus

With de Bruijn indices conversion axioms use an external definition for sub-
stitution. Moreover this substitution is not well-defined on open terms of this
first-order language. This is solved by considering an extension of this calculus:
the calculus of explicit substitutions also called λσ-calculus. This cal-
culus introduces also sorts of the form $\Gamma \vdash \Delta$ for substitutions that are lists of
terms and symbols to build such substitutions $id$, $\uparrow$ and $\circ$. Then a new term
constructor is introduced _[_] that permits to apply an explicit substitution to a
term. The rewrite rules describing the evaluation of the λσ-calculus are given in
figure 3.

HOL-λσ is a many-sorted first-order theory with sorts of the form $\Gamma \vdash T$ and
$\Gamma \vdash \Delta$ where $\Gamma$ and $\Delta$ are sequences of simple types and $T$ is a simple type.



Definition 1. (Language) The language contains the following function sym- 
bols: 



Here, equality is Leibniz’ equality, i.e. $\lambda x\ \lambda y\ \dot\forall\ \lambda p\ ((p\ x) \dot\Rightarrow (p\ y))$
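$1_A^{\Gamma}$                        constant of sort          $A.\Gamma \vdash A$
$\alpha_{A \to B, A}^{\Gamma}$        binary function of rank   $(\Gamma \vdash A \to B,\ \Gamma \vdash A)\ \Gamma \vdash B$
$\lambda_{A,B}^{\Gamma}$              unary function of rank    $(A.\Gamma \vdash B)\ \Gamma \vdash A \to B$
$[\ ]_A^{\Gamma,\Gamma'}$             binary function of rank   $(\Gamma' \vdash A,\ \Gamma \vdash \Gamma')\ \Gamma \vdash A$
$id^{\Gamma}$                         constant of sort          $\Gamma \vdash \Gamma$
$\uparrow_A^{\Gamma}$                 constant of sort          $A.\Gamma \vdash \Gamma$
$._A^{\Gamma,\Gamma'}$                binary function of rank   $(\Gamma \vdash A,\ \Gamma \vdash \Gamma')\ \Gamma \vdash A.\Gamma'$
$\circ^{\Gamma,\Gamma',\Gamma''}$     binary function of rank   $(\Gamma \vdash \Gamma'',\ \Gamma'' \vdash \Gamma')\ \Gamma \vdash \Gamma'$
$\dot\Rightarrow$                     constant of sort          $\vdash o \to o \to o$
$\dot\wedge$                          constant of sort          $\vdash o \to o \to o$
$\dot\vee$                            constant of sort          $\vdash o \to o \to o$
$\dot\neg$                            constant of sort          $\vdash o \to o$
$\dot\bot$                            constant of sort          $\vdash o$
$\dot\forall_A$                       constant of sort          $\vdash (A \to o) \to o$
$\dot\exists_A$                       constant of sort          $\vdash (A \to o) \to o$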



and a single unary predicate symbol: 

$\varepsilon$ of rank $(\vdash o)$

We denote $\lambda\sigma\mathcal{L}$ the rewrite rules of λσ-calculus together with the logical rules
$\mathcal{L}$ of the accompanying figure, and we write $A \equiv B$ when $A$ and $B$ are congruent modulo
$\lambda\sigma\mathcal{L}$.




4.2 Properties 

We prove in the full version of the paper that the system $\lambda\sigma\mathcal{L}$ is
weakly terminating and confluent on terms containing only term variables. The
weak termination property is proved by encoding the system $\lambda\sigma\mathcal{L}$ into the typed
λσ-calculus. The confluence property is proved by showing that λσ and $\mathcal{L}$ are
confluent and strongly commute. We can then apply Hindley-Rosen lemma.

We also prove in the full version of the paper that the theory HOL-λσ is
consistent and has the cut elimination property. Consistency can be proved by
constructing a model. Following the method introduced in we prove
cut-elimination by constructing a so called pre-model of the theory. The cut
elimination property is used in the proof of the embedding theorem 1 and in the
completeness proof of the Extended Narrowing and Resolution method applied
to HOL-λσ.



4.3 Embedding HOL-λ into HOL-λσ

We now want to prove that HOL-λσ is intentionally equivalent to the usual
presentation of higher-order logic HOL-λ.

Following we define a translation from λ-calculus to λσ-calculus
called pre-cooking. This translation replaces the bound variables by the appropri-
ate indices and adds an appropriate $[\uparrow^n]$ operator to free variables and constants
according to the context in which they occur.

To each variable $x$ of type $T$, we associate the sort $\vdash T$ in λσ-calculus.

Definition 2. Let $a$ be a λ-term. The pre-cooking of $a$ is the λσ-term defined
by $a_F = F(a, [\,])$ where $F(a, l)$ is defined using the list of variables $l$ ($[\,]$ being the
empty list) by:

— $F((\lambda x.a), l) = \lambda(F(a, x.l))$,

— $F((a\ b), l) = F(a, l)\ F(b, l)$,

— $F(x, l) =$ if $x$ is the $k$-th variable of $l$

— $F(x, l) =$ where $n$ is the length of $l$ if $x$ is a variable not occurring in
$l$ or a constant.



Theorem 1. If $p_1, \dots, p_n, q_1, \dots, q_m$ are propositions in HOL-λ then the se-
quent $p_1, \dots, p_n \vdash q_1, \dots, q_m$ is provable in HOL-λ if and only if the sequent
$\varepsilon(p_{1F}), \dots, \varepsilon(p_{nF}) \vdash \varepsilon(q_{1F}), \dots, \varepsilon(q_{mF})$ is provable in HOL-λσ.

The proof of this result is given in and relies on the next propositions.

Proposition 1. — If $t$ has the type $T$ then $t_F$ has the sort $\vdash T$,

— $(\{a/x\}b)_F = \{x \mapsto a_F\}b_F$,

— $a =_{\beta\eta} b$ in λ-calculus if and only if $a_F =_{\lambda\sigma} b_F$ in λσ-calculus.
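
The following Python example is an added illustration, not code from the paper: it implements the β- and σ-rules of figure 3 (η is omitted) and the pre-cooking map $F$, and checks the last item of proposition 1 on the example of section 3, $((\lambda x\ \lambda y\ x)\ (u\ v)) = \lambda y\ (u\ v)$. The tuple encoding and all function names are assumptions of this example, and the two variable clauses of $F$ follow the usual pre-cooking definition, $1[\uparrow^{k-1}]$ for the $k$-th bound variable and $x[\uparrow^n]$ for a free variable or constant.

```python
# Added example: lambda-sigma terms as nested tuples (encoding chosen for this example).
ONE, ID, SHIFT = ('one',), ('id',), ('shift',)

def app(a, b): return ('app', a, b)      # application (a b)
def lam(a): return ('lam', a)            # de Bruijn abstraction
def clos(a, s): return ('clos', a, s)    # closure a[s]
def cons(a, s): return ('cons', a, s)    # substitution a.s
def comp(s, t): return ('comp', s, t)    # composition s o t
def const(name): return ('const', name)  # free variable or constant

def root_step(t):
    """Apply one rule of figure 3 at the root of t, or return None."""
    tag = t[0]
    if tag == 'app' and t[1][0] == 'lam':          # (lam a) b -> a[b.id]
        return clos(t[1][1], cons(t[2], ID))
    if tag == 'clos':
        a, s = t[1], t[2]
        if s == ID:                                # a[id] -> a
            return a
        if a[0] == 'app':                          # (a b)[s] -> (a[s] b[s])
            return app(clos(a[1], s), clos(a[2], s))
        if a == ONE and s[0] == 'cons':            # 1[a.s] -> a
            return s[1]
        if a[0] == 'lam':                          # (lam a)[s] -> lam(a[1.(s o shift)])
            return lam(clos(a[1], cons(ONE, comp(s, SHIFT))))
        if a[0] == 'clos':                         # (a[s])[t] -> a[s o t]
            return clos(a[1], comp(a[2], s))
    if tag == 'comp':
        s, u = t[1], t[2]
        if s == ID:                                # id o s -> s
            return u
        if u == ID:                                # s o id -> s
            return s
        if s == SHIFT and u[0] == 'cons':          # shift o (a.s) -> s
            return u[2]
        if s[0] == 'comp':                         # (s1 o s2) o s3 -> s1 o (s2 o s3)
            return comp(s[1], comp(s[2], u))
        if s[0] == 'cons':                         # (a.s) o t -> a[t].(s o t)
            return cons(clos(s[1], u), comp(s[2], u))
    if tag == 'cons':
        a, s = t[1], t[2]
        if a == ONE and s == SHIFT:                # 1.shift -> id
            return ID
        if (a[0] == 'clos' and a[1] == ONE and s[0] == 'comp'
                and s[1] == SHIFT and a[2] == s[2]):   # 1[s].(shift o s) -> s
            return s[2]
    return None

def rewrite_once(t):
    """Leftmost-outermost step: at the root if possible, else in the first reducible child."""
    r = root_step(t)
    if r is not None:
        return r
    for i in range(1, len(t)):
        if isinstance(t[i], tuple):
            c = rewrite_once(t[i])
            if c is not None:
                return t[:i] + (c,) + t[i + 1:]
    return None

def normalize(t, fuel=10000):
    """Rewrite to normal form; the step bound only guards against non-termination."""
    for _ in range(fuel):
        nxt = rewrite_once(t)
        if nxt is None:
            return t
        t = nxt
    raise RuntimeError("no normal form reached within the step bound")

def shift_n(n):
    """The substitution shift^n, with shift^0 = id."""
    s = ID
    for _ in range(n):
        s = SHIFT if s == ID else comp(SHIFT, s)
    return s

def precook(a, l=()):
    """F(a, l) of definition 2. Named terms: 'x', ('fun', 'x', body), ('ap', a, b)."""
    if isinstance(a, str):
        if a in l:                                 # k-th variable of l -> 1[shift^(k-1)]
            return clos(ONE, shift_n(l.index(a)))
        return clos(const(a), shift_n(len(l)))     # free variable/constant -> x[shift^n]
    if a[0] == 'fun':
        return lam(precook(a[2], (a[1],) + l))
    return app(precook(a[1], l), precook(a[2], l))

def precooked_nf(a):
    """Normal form of the pre-cooking of the named lambda-term a."""
    return normalize(precook(a))

# The example of section 3: ((fun x. fun y. x) (u v)) and fun y. (u v).
LHS = ('ap', ('fun', 'x', ('fun', 'y', 'x')), ('ap', 'u', 'v'))
RHS = ('fun', 'y', ('ap', 'u', 'v'))

if __name__ == '__main__':
    print(precooked_nf(LHS) == precooked_nf(RHS))
```

Both sides normalize to $\lambda((u[\uparrow])\ (v[\uparrow]))$ without any appeal to extensionality, which is the point made against the combinator presentation.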

The purpose of the following definition and propositions is to characterize 
the image of the pre-cooking mapping. 

Definition 3. An F-term is a λσ-term containing only variables whose sort has
an empty context. An F-proposition is a proposition of the form $\varepsilon(P)$ where $P$ is
an F-term.





HOL-λσ: An Intentional First-Order Expression of Higher-Order Logic



Proposition 2. If $t$ is a $\lambda\sigma\mathcal{L}$-normal F-term well-typed in the empty context
then there is a λ-term $u$ such that $t = u_F$.



Proposition 3. Let $\Gamma \vdash \Delta$ be a sequent containing only F-propositions. Then,
if this sequent has a proof it also has a proof where all propositions are F-
propositions and all the witnesses F-terms.



5 Skolemization in HOL-λσ



Skolemization in higher-order logic is known to be more complicated than in 
first-order logic. Indeed, the naive skolemization in higher-order logic permits 
to transform some unprovable formulations of the axiom of choice into provable 
propositions. Thus the naive skolemization rule has to be restricted in such a 
way that skolemizing a proposition of the form 

$$\forall x_1 \dots \forall x_n\ \exists y\ (P\ x_1 \dots x_n\ y)$$

introduces a skolem symbol $f^n$ that can only be used if applied to at least $n$
terms and moreover the variables free in those terms cannot be bound in any
context. For instance the term $\lambda y\ (f^1\ x\ y)$ is correct, while the terms $f^1$, $(F\ f^1)$
and $\lambda x\ (f^1\ x\ y)$ are not (Miller’s conditions).

A further motivation for expressing higher-order logic as a first-order theory
is to avoid this cumbersome rule by reusing the usual first-order skolemization
rule. We show below that when we apply the first-order skolemization rule to
HOL-λσ we get Miller’s conditions.



5.1 Miller’s Conditions in HOL-λ

The naive skolemization in higher-order logic, that transforms $\forall x\ \exists y\ (P\ x\ y)$ in
$\forall x\ (P\ x\ (f\ x))$ with $f$ constant of type $T \to U$ (where $T$ is the type of $x$ and $U$
that of $y$) is unsound. Indeed the axiom of choice

$$\forall x\ \exists y\ (P\ x\ y) \Rightarrow \exists g\ \forall x\ (P\ x\ (g\ x))$$

is not provable in type theory. Thus from the proposition $\forall x\ \exists y\ (P\ x\ y)$
we cannot deduce $\exists g\ \forall x\ (P\ x\ (g\ x))$ while naively skolemizing this proposition
yields $\forall x\ (P\ x\ (f\ x))$ from which we can obviously deduce $\exists g\ \forall x\ (P\ x\ (g\ x))$.



Miller has proposed an alternative skolemization rule that trans-
forms a proposition of the form

$$\forall x_1\ \forall x_2 \dots \forall x_n\ \exists y\ (P\ x_1\ x_2 \dots x_n\ y)$$

into

$$\forall x_1\ \forall x_2 \dots \forall x_n\ (P\ x_1\ x_2 \dots x_n\ (f^n\ x_1\ x_2 \dots x_n)).$$

Two conditions are added:

— the symbol $f^n$ can be used only when applied to at least $n$ arguments (e.g.
$(f^1\ x)$ is a term, but $f^1$ alone is not).

— the variables free in the necessary arguments cannot be bound by a λ higher
in the term (e.g. $\lambda x\ (f^1\ y)$ is a term, but $\lambda x\ (f^1\ x)$ is not).



Recall however that, as it is usual in higher-order logic, $\forall x\ P$ is a notation
for the term $\dot\forall\ (\lambda x\ P)$ where $\dot\forall$ is a constant. Then the skolemized proposition
$\forall x\ (P\ x\ (f^1\ x))$ itself does not verify the second condition since $x$ is bound
by the external quantifier. Hence, we must either introduce quantifiers as new
binders or give a more restricted form to Skolem theorem. If we use skolem-
ization to put a proposition to be refuted in clausal form, then the universal
quantifier will be suppressed yielding the proposition $(P\ X\ (f^1\ X))$ where $X$ is
a free variable. So we can state Skolem theorem as the correctness of this trans-
formation with respect to resolution i.e. the clausal form of a proposition can be
refuted by resolution if and only if the proposition itself is provable in sequent
calculus. In Miller formulates his theorem as the correctness of this
transformation with respect to the connection method.



5.2 HOL-λσ

Skolem theorem applies to HOL-λσ as it applies to any first-order theory. A
proposition of the form $\forall x\ \exists y\ (P\ x\ y)$ is skolemized as $\forall x\ (P\ x\ f(x))$ where $f$ is
a unary function symbol. Hence we get back Miller’s first condition. The rank of
this symbol is $(\Gamma \vdash T)\ \Delta \vdash U$, i.e. it maps an argument of sort $\Gamma \vdash T$ into a term
of sort $\Delta \vdash U$. The sort of the argument expresses Miller’s second condition as
it restricts the free variables in this term.

For example the proposition $\forall x\ \exists y\ \varepsilon(P\ x\ y)$ is skolemized as $\forall x\ \varepsilon(P\ x\ f(x))$
where $f$ has rank $(\vdash T) \vdash U$, which requires the argument of $f$ to be well typed
in the empty context. For instance the λ-term $\lambda x\ (f^1\ x)$ which violates Miller’s
second condition, is expressed by the term $\lambda f(1)$ that is not well typed, while
the term $\lambda x\ (f^1\ y)$ that verifies Miller’s second condition is expressed by the
term $\lambda f(y)$ that is well typed. We thus reap the benefit of using the λσ-calculus
where sorts make the scope of terms explicit.



6 Automated Theorem Proving in HOL-λσ

We are now able to wrap-up together the above ingredients to get a first-order
presentation of higher-order resolution. To this end, as with any first-order theory
modulo, we can use the ENAR method developed in to search proofs
in HOL-λσ.



6.1 The ENAR Method 

The ENAR method applies to congruences described by class rewrite systems,
i.e. pairs composed of a rewrite system $\mathcal{R}$ rewriting atomic propositions to propo-
sitions and a set of equational axioms $\mathcal{E}$ equating terms with terms and defining
a congruence denoted $=_{\mathcal{E}}$.
As compared to first-order resolution, the ENAR method first replaces unifi-
cation by equational unification modulo $\mathcal{E}$. The unification problems are kept as
constraints written $t =_{\mathcal{E}} u$ and a clause $C$ constrained by a set of equations $E$ is
written $C[E]$. Hence, we construct refutations with the Extended Resolution
rule presented in figure 5. Then, as $\mathcal{R}$ rewrites atomic propositions to non atomic
ones, we need another rule that instantiates, rewrites and puts in clausal form
the result using the operator $c\ell$. This rule is called Extended Narrowing by
analogy with the narrowing rule of equational unification.



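$$\frac{\{A_1, \dots, A_n, B_1, \dots, B_m\}[E_1] \qquad \{\neg C_1, \dots, \neg C_p, D_1, \dots, D_q\}[E_2]}{\{B_1, \dots, B_m, D_1, \dots, D_q\}[E_1 \cup E_2 \cup \{A_1 =_{\mathcal{E}} \dots A_n =_{\mathcal{E}} C_1 \dots =_{\mathcal{E}} C_p\}]}\ \text{Ext. Res.}$$

$$\frac{C[E]}{c\ell(C[r]_p)[E \cup \{C|_p =_{\mathcal{E}} l\}]}\ \text{Ext. Narrowing} \qquad \text{if } l \to r \in \mathcal{R} \text{ and } C|_p \notin \mathcal{X}$$

Fig. 5. Extended narrowing and resolution (ENAR)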



Theorem 2. Let $\mathcal{RE}$ be a confluent and weakly terminating class
rewrite system such that the cut rule is redundant in sequent calculus modulo
$\mathcal{RE}$. Then, the sequent

$$A_1, \dots, A_n \vdash B_1, \dots, B_m$$

is provable in sequent calculus modulo $\mathcal{RE}$ if and only if from the constrained clauses

$$c\ell(\{\{A_1\}, \dots, \{A_n\}, \{\neg B_1\}, \dots, \{\neg B_m\}\})[\emptyset]$$

we can derive the empty clause constrained by a $\mathcal{E}$-unifiable set of equations.

6.2 Applying ENAR to HOL-λσ

In we have applied ENAR to a first-order presentation of higher-order
logic using combinators and we have shown that the Extended Narrowing rule
specializes to the Splitting rule of higher-order resolution. Un-
fortunately equational unification modulo the conversion axioms of combinators
is not higher-order unification.

If we apply this method to HOL-λσ, we obtain another proof search method
for higher-order logic. As shown in the previous sections, HOL-λσ fulfills the hy-
potheses of theorem 2, so this method is complete. The Extended Narrowing
rule still specializes to the Splitting rule of higher-order resolution, but the uni-
fication required is the unification modulo the system λσ that we have shown to
be equivalent to higher-order unification in Thus, the method obtained
this way simulates higher-order resolution step by step.
Conclusion

In this paper we have given a first-order presentation of higher-order logic. This 
presentation is intentionally equivalent to the presentation of higher-order logic 
based on λ-calculus. Applying the Extended Narrowing and Resolution method
to this theory gives higher-order resolution. Hence we show this way that ex- 
pressing higher-order logic as a first-order theory and applying a first-order proof 
search method is at least as efficient as a direct implementation, provided we 
take the good first-order expression of higher-order logic and the good proof 
search method. 

Expressing higher-order resolution in a first-order framework permits to clar- 
ify its features: higher-order unification, the splitting rule and higher-order res- 
olution. Higher-order unification is equational unification in an appropriate the- 
ory. The splitting rule is an instance of the extended narrowing rule introduced 
in it is needed because the rewrite system of higher-order logic trans- 

forms atomic propositions into non atomic ones. The higher-order skolemization 
rule is an instance of the first-order one. Its scoping particularities are conse- 
quences of the sort system of higher-order logic. 

As we stay in a first-order setting, we can also reuse optimizations of first- 
order theorem proving such as redundancy criteria and subsumption. Another 
consequence is that extending the method to equational higher-order resolution 
requires only to add more reduction rules to the rewrite system $\lambda\sigma\mathcal{L}$, then nar-
rowing provides an equational higher-order unification algorithm and 

the proof search method is complete provided deduction modulo the extended 
theory verifies the cut elimination property. 
Abstract. Formal language theory, and in particular the theory of au-
tomata, has provided many tools that have been found extremely useful 
in rewriting theory, since automata can be used for deciding certain prop- 
erties of rewriting systems as well as for constructing (weakly) confluent 
rewriting systems. On the other hand, rewriting theory has had some 
influence on the development of formal language theory, since based on 
certain rewriting systems some interesting classes of formal languages 
have been defined. Here a survey on some connections between rewriting 
and formal language theory is given, starting from the classical string lan- 
guages and string-rewriting systems and continuing with tree automata 
and term-rewriting systems. 



1 Introduction 

String-rewriting systems (or semi-Thue systems) are intimately connected with 
formal language theory, since under the name of sets of productions they form an 
essential part of Chomsky’s phrase-structure grammars (see, for example, ^3). 
In particular, the various classes of the Chomsky hierarchy are defined by placing 
certain restrictions on the form of the productions (that is, the rewrite rules) 
that are admitted in a grammar. Hence, it is not surprising that techniques and 
results that have been developed in formal language theory are often very helpful 
in investigating certain properties of string-rewriting systems. 

In fact, many sets associated with string-rewriting systems are context-free or 
even regular languages, and in fact corresponding descriptions, for example ac- 
cepting automata, can often be constructed effectively from the string-rewriting 
system under consideration. This is the case for the sets of reducible and irre- 
ducible strings with respect to a finite (or left-regular) system, and the same 
is true for certain sets of descendants and unions of congruence classes with re- 
spect to some restricted systems. Based on these language-theoretical properties, 
some decision problems can be solved effectively, in some cases even efficiently. 
An example is Book’s reduction algorithm for deciding the word problem for 
finite convergent string-rewriting systems that is based on a realization of a 
left-most reduction through a two-pushdown automaton [y]. Another example is 
Book’s decision algorithm for linear sentences that express properties of Thue 
congruences generated by finite monadic and confluent string-rewriting systems 
The test for confluence of a finite noetherian system reduces to checking
emptiness of finitely many intersections of finite sets Q. However, if we want
to verify that a finite noetherian system is confluent on a certain congruence
class only, then this test is much more complicated. In fact, this task turns out
to be undecidable in general, and even for finite monadic systems it reduces
to checking equality for finitely many pairs of one-turn languages. String-
rewriting systems will be addressed in Section 2.

Prefix-rewriting systems can be used to describe left-congruences in monoids. 
Hence, in the case of groups they yield descriptions of subgroups | . Under 
certain restrictions a prefix-rewriting system can be completed using a Knuth- 
Bendix-style completion procedure thus giving a rewrite-based algorithm 
for deciding membership in the subgroup considered. However, there is a simpler 
method for completing prefix-rewriting systems that is based on finite-state ac- 
ceptors, and that is applicable to certain classes of finite convergent presentations 
of groups ^3. Prefix-rewriting systems will be discussed in Section^ 

The finite, length-reducing, and confluent string-rewriting systems have been 
used to define the class CRL of Church-Rosser languages in From the defini- 
tion it follows immediately that the membership problem for each Church-Rosser 
language is decidable in linear time. Hence, CRL is contained in the class CSL 
of context-sensitive languages, and it is shown in the original paper that CRL 
contains the class DCFL of deterministic context-free languages. However, only 
very recently the exact relationship between the class CRL and the class CFL 
of context-free languages could be settled The Church-Rosser languages 

will be the contents of Section H 

The concepts of formal language and automata theory have been generalized 
to first-order terms and term languages (see, for example, while on the 

other hand term-rewriting systems can be seen as a corresponding generalization 
of string-rewriting systems. Accordingly, automata-theoretical notions and tech- 
niques have been applied successfully to describe certain sets of terms that are 
associated with term-rewriting systems, and to solve certain decision problems. 

Here, however, some technical complications arise that have no counterparts
in the string case. A string-rewriting system $S$ on an alphabet $\Sigma = \{a_1, \dots, a_m\}$
can be interpreted as a term-rewriting system $R_S = \{\ell(x) \to r(x) \mid (\ell \to r) \in S\}$
on the signature $F_\Sigma = \{a_1, \dots, a_m, ¢\}$, where each letter $a_i$ is considered as a
function symbol of arity one, and ¢ is a constant. Thus, linear term-rewriting sys-
tems form a generalization of string-rewriting systems in that function symbols
of arity larger than one are admitted. However, general term-rewriting systems 
embody a further generalization in that they may contain non-linear terms. 
Hence, the problem of linearity versus non-linearity plays an important role in 
the study of term-rewriting systems. 

On the other hand, ground term-rewriting systems have particularly nice 
properties due to the serious restriction to the applicability of their rules. These 
systems will be discussed in Section H while Sectionals devoted to the various 
generalizations of techniques and results of automata theory to term languages 
and term-rewriting systems. Here we will in particular address the question of 
presenting the set of irreducible (ground) terms of a finite term-rewriting system
through a finite tree-automaton, and the property of preserving regularity. 

Due to space limitations only some fundamental definitions will be given 
in the paper. For further information regarding the notions introduced and for 
proofs of the results presented, the interested reader is asked to consult the 
literature, where Q serves as our main reference on string-rewriting systems, 
is our main reference on term-rewriting systems, and is our main reference 
on tree automata. 

Being a contribution to the proceedings of the 10th International Conference 
on Rewriting Techniques and Applications (RTA’99) this survey paper cannot 
possibly cover all the various aspects of the many connections between rewriting 
and formal language theory. Therefore, this article only presents some of the 
more fundamental connections that I have chosen based on my personal taste 
and experience. Others may feel that some important connections have been 
neglected. I apologize to all of them. 

2 String-Rewriting Systems 

Let $\Sigma$ be a finite alphabet. Then $\Sigma^*$ denotes the set of strings over $\Sigma$ including
the empty string $\lambda$. As usual the concatenation of two strings $u$ and $v$ will be
denoted as $uv$, and numerical exponents will be used to abbreviate strings.

A string-rewriting system $S$ on $\Sigma$ is a subset of $\Sigma^* \times \Sigma^*$, the elements of
which are called (rewrite) rules. By dom(S) we denote the set of all left-hand
sides of rules of $S$, and by range(S) we denote the set of all right-hand sides. The
reduction relation $\to_S^*$ defined by $S$ is the reflexive and transitive closure of the
single-step reduction relation $\to_S := \{(u\ell v, urv) \mid u, v \in \Sigma^*, (\ell, r) \in S\}$. A string
$w \in \Sigma^*$ is called reducible if $w \to_S z$ holds for some string $z \in \Sigma^*$, otherwise $w$
is called irreducible. By RED(S) (IRR(S)) we denote the set of all strings that
are reducible (irreducible) modulo $S$. Obviously, RED(S) $= \Sigma^* \cdot$ dom(S) $\cdot\ \Sigma^*$
and IRR(S) $= \Sigma^* \setminus$ RED(S). Thus, if $S$ is a finite system, then RED(S) and
IRR(S) are regular languages. Actually, we have the following result.

Proposition 1. [3 

Given a finite string-rewriting system S, deterministic finite-state acceptors for 
the sets RED(S) and IRR(S) can be constructed in polynomial time. 

For $w \in \Sigma^*$, $\Delta_S^*(w) := \{z \in \Sigma^* \mid w \to_S^* z\}$ is the set of descendants of $w$,
$\nabla_S^*(w) := \{z \in \Sigma^* \mid z \to_S^* w\}$ is the set of ancestors of $w$, and $[w]_S := \{z \in \Sigma^* \mid
w \leftrightarrow_S^* z\}$ is the congruence class of $w$. Here $\leftrightarrow_S^*$ denotes the Thue congruence
generated by $S$, which is simply the reflexive, symmetric, and transitive closure
of the relation $\to_S$. For a language $L \subseteq \Sigma^*$, the sets $\Delta_S^*(L)$, $\nabla_S^*(L)$, and $[L]_S$
are defined accordingly.

For a finite system $S$ the sets of the form $\Delta_S^*(w)$, $\nabla_S^*(w)$, and $[w]_S$ are clearly
recursively enumerable, but in general they are not even recursive. For certain
restricted classes of string-rewriting systems however, we obtain much stronger
results.
A string-rewriting system $S$ is called

— length-reducing if $|\ell| > |r|$ holds for each rule $(\ell, r)$ of $S$, where $|w|$ denotes
the length of the string $w$,

— monadic if it is length-reducing, and range(S) $\subseteq \Sigma \cup \{\lambda\}$,

— special if it is length-reducing, and range(S) $= \{\lambda\}$.

Obviously, a length-reducing system is noetherian. In fact, a system of this 
form has a linear upper bound on the length of reduction sequences. Although 
there are much more general classes of noetherian string-rewriting systems, we 
will not consider them in this paper. 

If $S$ is a length-reducing system, then $\Delta_S^*(w)$ is a finite set for each string $w$.
However, already for finite confluent systems of this form we obtain very general
languages once we consider sets of the form $\Delta_S^*(L)$, where $L \subseteq \Sigma^*$ is a regular
language.

Proposition 2. 

Let $L \subseteq \Sigma^*$ be a recursively enumerable language. Then there exist a finite,
length-reducing, and confluent string-rewriting system $S$ on some alphabet $\Gamma$
properly containing $\Sigma$ and two regular languages $L_1, L_2 \subseteq \Gamma^*$ such that

$$\pi_\Sigma(\Delta_S^*(L_1) \cap L_2) = L = \pi_\Sigma([L_1]_S \cap L_2),$$

where $\pi_\Sigma$ denotes the projection from $\Gamma^*$ onto $\Sigma^*$.



On the other hand we have the following positive result. 

Proposition 3. 

Let $S$ be a monadic string-rewriting system on $\Sigma$, and let $L \subseteq \Sigma^*$ be a regular
language. Then the set $\Delta_S^*(L)$ is again a regular language. If $S$ is finite, then
a finite-state acceptor for this language can be constructed in polynomial time
from a finite-state acceptor for $L$.

The acceptor for $\Delta_S^*(L)$ is simply obtained from the one for $L$ by adding
transitions. Accordingly the polynomial time-bound carries over even to certain
classes of infinite monadic systems.
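
The construction behind Proposition 3 can be written out as follows. This Python block is an added example, not code from the survey: the class `NFA`, the function `descendants_acceptor` and the two sample systems are assumptions made for the illustration. For every rule $(\ell, r)$ and every pair of states $p, q$ such that the acceptor can read $\ell$ from $p$ to $q$, it adds a transition from $p$ to $q$ labelled $r$ (an empty-string transition when $r = \lambda$) and repeats until nothing new is added.

```python
from collections import defaultdict

class NFA:
    """Finite-state acceptor; the symbol '' labels empty-string transitions."""
    def __init__(self, start, finals, edges):
        self.start, self.finals = start, set(finals)
        self.states = {start} | self.finals
        self.delta = defaultdict(set)              # (state, symbol) -> set of states
        for p, a, q in edges:
            self.add(p, a, q)

    def add(self, p, a, q):
        """Add the transition p --a--> q; return True if it was not present."""
        self.states |= {p, q}
        if q in self.delta[(p, a)]:
            return False
        self.delta[(p, a)].add(q)
        return True

    def closure(self, states):
        """All states reachable from `states` by empty-string transitions."""
        seen, todo = set(states), list(states)
        while todo:
            p = todo.pop()
            for q in self.delta.get((p, ''), ()):
                if q not in seen:
                    seen.add(q)
                    todo.append(q)
        return seen

    def read(self, states, word):
        """States reachable from `states` by reading `word`."""
        cur = self.closure(states)
        for a in word:
            cur = self.closure({q for p in cur for q in self.delta.get((p, a), ())})
        return cur

    def accepts(self, word):
        return bool(self.read({self.start}, word) & self.finals)

def descendants_acceptor(nfa, rules):
    """Turn an acceptor for L into one for the descendants of L modulo a monadic system.

    `rules` is a list of pairs (l, r) with |l| > |r| and r a letter or ''.
    The acceptor is modified in place and returned; no state is ever added,
    so at most |states|^2 * (|alphabet| + 1) transitions can be inserted.
    """
    for l, r in rules:
        if not (len(l) > len(r) and len(r) <= 1):
            raise ValueError("rule %r -> %r is not monadic" % (l, r))
    changed = True
    while changed:
        changed = False
        for l, r in rules:
            for p in list(nfa.states):
                for q in nfa.read({p}, l):
                    if nfa.add(p, r, q):           # shortcut for the reduction l -> r
                        changed = True
    return nfa

def sample_letter_rule():
    """Constructed sample: L = (ab)*a and S = {aba -> b}."""
    return descendants_acceptor(NFA(0, {1}, [(0, 'a', 1), (1, 'b', 0)]), [('aba', 'b')])

def sample_special_rule():
    """Constructed sample: L = {aabb} and the special system S = {ab -> empty string}."""
    chain = [(0, 'a', 1), (1, 'a', 2), (2, 'b', 3), (3, 'b', 4)]
    return descendants_acceptor(NFA(0, {4}, chain), [('ab', '')])
```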

If $S$ is a finite monadic system, then $S^{-1} := \{(r, \ell) \mid (\ell, r) \in S\}$ can be
interpreted as the set of productions of a context-free grammar. Hence, it is
easily seen that the set $\nabla_S^*(L)$ is a context-free language for each finite monadic
string-rewriting system $S$ and each context-free language $L$. If $S$ is confluent,
then $[w]_S = \nabla_S^*(w)$ for each irreducible string $w$. Hence, we obtain the following
result.



Proposition 4. 

Let $S$ be a finite string-rewriting system on $\Sigma$ that is monadic and confluent.

(a) For each context-free set $L \subseteq$ IRR(S) of irreducible strings, $[L]_S$ is a context-
free language.

(b) For each regular set $L \subseteq \Sigma^*$, $[L]_S$ is a deterministic context-free language.
Underlying part (b) of Proposition 4 is the following general result.

Proposition 5.

Let $S$ be a finite and noetherian string-rewriting system on $\Sigma$. Then there exists
a deterministic automaton with two-pushdown stores that, given a string $w \in \Sigma^*$
as input, computes the irreducible descendant of $w$ modulo $S$ with respect to left-
most reductions. If $S$ is monadic, then this computation can be performed by a
standard deterministic pushdown automaton.

Based on the positive results for monadic systems above Book has developed 
a decision procedure for a restricted class of sentences of first-order predicate 
calculus without equality, where the set of nonlogical symbols consists of a binary 
predicate symbol =, a binary function symbol •, a constant symbol a for each 
letter a from a fixed finite alphabet E, and a constant symbol 1. 

Let $S$ be a string-rewriting system on $\Sigma$. By interpreting the function symbol
$\cdot$ as the multiplication in the monoid $M_S := \Sigma^* / {\leftrightarrow_S^*}$, by interpreting each
constant $a$ as the monoid element $[a]_S$ and the constant 1 as the identity $[\lambda]_S$ of
the monoid $M_S$, and by interpreting the predicate symbol = as the congruence
$\leftrightarrow_S^*$, we obtain an interpretation for these sentences expressing some properties
of $M_S$.

Let $\Sigma$ be a finite alphabet, and let $V_E$ and $V_U$ be two disjoint countable
sets of symbols such that $(V_E \cup V_U) \cap \Sigma = \emptyset$. The symbols of $V_E$ are existential
variables, while those of $V_U$ are universal variables. A string in $(\Sigma \cup V_U)^*$ is a
universal term, and a string in $(\Sigma \cup V_E)^*$ is an existential term.

If $x$ and $y$ are two existential terms, then $x = y$ is an existential atomic
formula. If $x$ and $y$ are two universal terms, then $x = y$ is a universal atomic
formula. Finally, if one of $x$ and $y$ is an existential term and the other is a
universal term, then $x = y$ is a mixed atomic formula.

An atomic formula is a formula. If Fi and F 2 are formulas, then {Fi A F 2 ) 
and {Fi V F 2 ) are formulas. A formula is called linear if no variable occurs twice 
in it. 

If A is a formula with existential variables vi, ... ,Vq and universal variables 
ui, ... , Up, then 

VuiVu 2 . . .yup3vi3v2 . . .3vqF and 3v\3v2 . . .3uqVuiVu2 . . .^UpF 

are sentences. By LINSEN(A) we denote the set of all sentences over E that 
contain only linear formulas. 

Let $S$ be a string-rewriting system on $\Sigma$. If $\varphi$ is a sentence over $\Sigma$ containing
the variables $v_1, \ldots, v_p \in (V_E \cup V_U)$, and if $L_1, \ldots, L_p$ are subsets of $\Sigma^*$, then
we obtain the following interpretation of $\varphi$:

(i) for each $i$, $1 \leq i \leq p$, the variable $v_i$ takes values in the set $L_i$;

(ii) the symbol $=$ is interpreted as the congruence $\leftrightarrow_S^*$;

(iii) the symbol $\wedge$ is interpreted as conjunction and the symbol $\vee$ is interpreted
as disjunction.

Under this interpretation the sentence $\varphi$ is either true or false as a statement
about the congruence $\leftrightarrow_S^*$ and the sets $L_1, \ldots, L_p \subseteq \Sigma^*$, and hence about the
monoid $M_S$.

For example, a string $w$ is left-divisible by $z$ if and only if $w$ is congruent to
a string with prefix $z$, that is, if the linear sentence $\exists v : w = z \cdot v$ is true under
the interpretation induced by $S$ and the set $\Sigma^*$.

If $S$ is a finite, monadic, and confluent system, then with each term $x$ of a
linear sentence we can associate a regular set $L(x)$ of irreducible strings based
on the structure of the term and the regular sets serving as domains for the
variables occurring in $x$. In this way the question of whether or not the linear
sentence is true under the given interpretation is reduced to a question about
regular languages. This yields the following decidability result.

Proposition 6.

Let $S$ be a string-rewriting system on $\Sigma$ that is finite, monadic, and confluent.
Then the following validity problem for linear sentences is decidable in polynomial
space:

INSTANCE: A sentence $\varphi \in$ LINSEN($\Sigma$) containing variables $v_1, v_2, \ldots, v_m$,
and regular sets $L_1, \ldots, L_m \subseteq \Sigma^*$ that are specified by finite-state
acceptors.

QUESTION: Is $\varphi$ true under the interpretation induced by $S$ and $L_1, \ldots, L_m$?

Actually, if the linear sentences $\varphi$ considered do not contain mixed atomic
formulas or if their quantifier prefixes are of the form , then the validity of 
these sentences is even decidable in polynomial time. 

In fact, also some other decision problems, for which there does not seem to
be a way of expressing them by linear sentences, can be solved for finite, monadic,
and confluent string-rewriting systems in a similar way. An example for this is
the property of left-cancellativity. Here the monoid $M_S$ is called left-cancellative
if, for all $u, v, w \in \Sigma^*$, $uv \leftrightarrow_S^* uw$ implies that $v \leftrightarrow_S^* w$ holds.

Proposition 7.

Let $S$ be a string-rewriting system that is length-reducing, interreduced, and
confluent. Then the monoid $M_S$ is not left-cancellative if and only if there exists a
rule $(au, v) \in S$, where $a \in \Sigma$ and $u, v \in \mathrm{IRR}(S)$, such that
$\Delta_S^*(L_1) \cap \Delta_S^*(L_2) \neq \emptyset$, where
$L_1 = \{auw \mid w \in \Sigma^* \text{ such that } uw \in \mathrm{IRR}(S)\}$ and
$L_2 = \{ax \mid x \in \mathrm{IRR}(S),\ u \text{ is not a prefix of } x\}$.

If $S$ is finite, then $L_1$ and $L_2$ are regular languages, finite-state acceptors for
which can be constructed in polynomial time. Thus, if additionally $S$ is monadic,
then the condition stated in the proposition above can be verified in polynomial
time. By considering various other regular languages associated with monadic
string-rewriting systems, it can be shown that the (left-, right-) conjugacy problem
and the common left- (right-) multiplier problem are decidable in polynomial
time for each finite, monadic, and confluent string-rewriting system.

For a finite noetherian string-rewriting system $S$ on $\Sigma$ the test for confluence
of $S$ reduces to checking whether the intersection $\Delta_S^*(u) \cap \Delta_S^*(v)$ is non-empty
for each of the finitely many critical pairs $(u, v)$ of $S$. However, it is much more
difficult in general to decide whether the system $S$ is confluent on a certain
congruence class $[w]_S$. Here $S$ is called confluent on $[w]_S$ for some string $w \in \Sigma^*$
if, for all $u, v, x \in [w]_S$, $u \to_S v$ and $u \to_S x$ imply that $\Delta_S^*(v) \cap \Delta_S^*(x)$ is
non-empty.

For $u \in \Sigma^*$ and $w \in \mathrm{IRR}(S)$, let
$\mathrm{Con}_u(w) := \{x \# y \mid x, y \in \mathrm{IRR}(S) \text{ and } xuy \to_{L,S}^* w\}$
be the set of contexts of $u$ for $w$ modulo $S$, where $\to_{L,S}^*$ denotes the
left-most reduction modulo $S$, and $\#$ is a new letter. Further, let UCP($S$) denote
the set of those critical pairs $(y, z)$ of $S$ for which the intersection $\Delta_S^*(y) \cap \Delta_S^*(z)$
is empty. Then we have the following characterization.



Proposition 8. 

Let $S$ be a finite noetherian string-rewriting system on $\Sigma$, and let $w \in \mathrm{IRR}(S)$.
Then $S$ is confluent on $[w]_S$ if and only if $\mathrm{Con}_y(w) = \mathrm{Con}_z(w)$ holds for each
pair $(y, z) \in$ UCP($S$).



Even for finite length-reducing systems confluence on a given congruence
class is undecidable in general. If, however, $S$ is a finite monadic system,
then each language of the form $\mathrm{Con}_u(w)$ is a deterministic one-turn language,
and in fact, from $S$ and the strings $u$ and $w$, a deterministic one-turn pushdown
automaton for $\mathrm{Con}_u(w)$ can be constructed effectively. Thus, we obtain the
following decidability result due to the solvability of the equivalence problem for
deterministic one-turn pushdown automata.

Corollary 1.

For finite monadic string-rewriting systems confluence on a given congruence 
class is decidable in doubly exponential time. 



However, for special systems this result can be improved considerably by 
analyzing the form of the generated reduction sequences in more detail. 

Corollary 2. 

For finite special string-rewriting systems confluence on a given congruence class 
is decidable in polynomial time. 



This result even extends to testing whether a finite monadic system $S$ is
weakly confluent, that is, whether $S$ is confluent on $[a]_S$ for each $a \in \mathrm{range}(S)$.
I would like to mention in passing that based on these confluence tests
Knuth-Bendix like procedures for weak completion have been developed

1. for finite special systems and

2. for finite monadic systems presenting groups.



Actually, for these two classes of string-rewriting systems further interesting 
results have been obtained that are based on language properties of certain 
associated sets. 

For a string-rewriting system $S$ on $\Sigma$ and a language $L \subseteq \Sigma^*$, we denote by
$I_S(L)$ the set $I_S(L) := [L]_S \cap \mathrm{IRR}(S)$ of irreducible strings that are congruent
to some string from $L$.

Proposition 9.

Let $S$ be a finite special string-rewriting system that is confluent on $[\lambda]_S$, and let
$L \subseteq \Sigma^*$ be a regular language. Then the set $I_S(L)$ is also regular, and a
finite-state acceptor for $I_S(L)$ can be constructed in polynomial time from a finite-state
acceptor for $L$.

Proposition 9 also holds for finite, monadic, and weakly confluent systems
that present groups. In particular, this implies that the result on linear sentences
(Proposition 6) carries over to finite, special systems that are weakly confluent
and to finite, monadic, and weakly confluent systems presenting groups.

3 Prefix-Rewriting Systems 

In this section we take a look at prefix-rewriting systems and relate them to the 
subgroup problem of finitely presented groups. 

A prefix-rewriting system on $\Sigma$ is a subset of $\Sigma^* \times \Sigma^*$. Its elements are called
prefix-rules. If $P$ is a prefix-rewriting system, then dom($P$) and range($P$) are
defined as for string-rewriting systems.

The prefix-reduction relation $\Rightarrow_P^*$ defined by $P$ is the reflexive transitive
closure of the single-step prefix-reduction relation
$\Rightarrow_P := \{(\ell w, rw) \mid (\ell, r) \in P, w \in \Sigma^*\}$, and by $\Leftrightarrow_P^*$ we denote the
reflexive, symmetric, and transitive closure of $\Rightarrow_P$. Obviously $\Leftrightarrow_P^*$ is a
left-congruence on $\Sigma^*$. By RED($P$) we denote
the set of all reducible strings, and IRR($P$) denotes the set of irreducible strings.
Obviously, $\mathrm{RED}(P) = \mathrm{dom}(P) \cdot \Sigma^*$ and $\mathrm{IRR}(P) = \Sigma^* \setminus \mathrm{RED}(P)$. Hence, if
dom($P$) is a regular language, then RED($P$) and IRR($P$) are regular languages
as well. In this situation the prefix-rewriting system $P$ is called left-regular.

The prefix-rewriting system $P$ is called noetherian, confluent, convergent,
$\lambda$-confluent, $\lambda$-convergent, interreduced, or canonical if the corresponding condition
is satisfied by $\Rightarrow_P$. It is interesting to observe that a prefix-rewriting system is
convergent whenever it is interreduced, that is, it is canonical if and only if it is
interreduced. This is an immediate consequence of the corresponding result for
ground-term rewriting systems (Proposition 17), since a prefix-rewriting system
$P$ on $\Sigma$ can be interpreted as a ground-term rewriting system on the signature
$F_\Sigma$.

Next we will show how prefix-rewriting systems are related to the subgroup
problem. Let $G$ be a group that is given through a finite presentation $(\Sigma; S)$, and
let ${}^{-1} : \Sigma^* \to \Sigma^*$ denote a function realizing the inverse function of $G$. Further,
let $U \subseteq \Sigma^*$ be a finite set, where we assume without loss of generality that $U$
is closed under inverses, that is, for each $u \in U$, there exists an element $v \in U$
such that $v \leftrightarrow_S^* u^{-1}$. Then a string $w \in \Sigma^*$ presents an element of the subgroup
$\langle U \rangle$ of $G$ that is generated by $U$ if and only if there exist $u_1, \ldots, u_k \in U$ such
that $w \leftrightarrow_S^* u_1 u_2 \cdots u_k$. The subgroup problem for $G$ is the problem of deciding,
given a finite set $U \subseteq \Sigma^*$ and a string $w \in \Sigma^*$, whether or not $w$ belongs to the
subgroup $\langle U \rangle$ of $G$.

With $U$ we associate a binary relation $\sim_U$ on $\Sigma^*$ as follows:

$x \sim_U y$ iff $\exists u \in \langle U \rangle : x \leftrightarrow_S^* uy$.

Then $w \in \langle U \rangle$ if and only if $w \sim_U \lambda$.

With $(\Sigma; S)$ and $U$ we now associate a prefix-rewriting system $P := P_U \cup P_S$,
where

$P_U := \{(u, \lambda) \mid u \in U\}$

and

$P_S := \{(x\ell, xr) \mid x \in \Sigma^* \text{ and } (\ell \to r) \in S\}$.

Then $P$ is a left-regular system, and the following property is easily verified.



Proposition 10. 



The left-congruences $\sim_U$ and $\Leftrightarrow_P^*$ coincide.



Hence, if $P$ is $\lambda$-confluent, then a string $w \in \Sigma^*$ belongs to $\langle U \rangle$ if and only
if $w \Rightarrow_P^* \lambda$, and if $P$ is convergent, then IRR($P$) is a complete set of coset
representatives for $\langle U \rangle$ in $G$.

If S is noetherian, then P is noetherian, but in general P will not be con- 
vergent even in case S is. However, as for string-rewriting systems confluence of 
the prefix-rewriting system P can be characterized through the convergence of 
finitely many critical pairs. Based on this confluence test a Knuth-Bendix style 
completion procedure for prefix-rewriting systems has been developed in 
that applies to groups G that are given through finite convergent presentations. 

Also confluence on $[\lambda]_{\sim_U}$ can be characterized as for string-rewriting systems
(Proposition 8). However, there is another criterion for deciding this property
that exploits automata-theoretical arguments.

Let $(\Sigma; S)$ be a finite convergent presentation of a group, let $P_U$ be a set of
prefix-rules on $\Sigma$, and let $P := P_U \cup P_S$, where we assume that the set
$U := \{uv^{-1} \mid (u, v) \in P_U\}$ is closed under taking inverses and that $P$ is noetherian.
Then $[\lambda]_P = \langle U \rangle$, and hence, $w \in [\lambda]_P$ if and only if $w \Leftrightarrow_P^* z$ for some $z \in U^*$.
Now $P$ is confluent on $[\lambda]_{\sim_U}$ if and only if each string $w \in \langle U \rangle \setminus \{\lambda\}$ is reducible
by $P$, that is, if and only if $[\lambda]_P \cap \mathrm{IRR}(P) = \{\lambda\}$. However, since $S$ is convergent,
the latter equality is equivalent to the equality
$(\Delta_S^*(U^*) \cap \mathrm{IRR}(S)) \cap \mathrm{IRR}(P) = \{\lambda\}$.

If $S$ and $P_U$ are both finite, then the sets $\mathrm{IRR}(S)$ and $\mathrm{IRR}(P)$ are both regular,
and finite-state acceptors for them can be constructed effectively. Also $U^*$ is
a regular set in this situation. Hence, this criterion becomes decidable whenever
the set $\Delta_S^*(U^*)$ (or the set $\Delta_S^*(U^*) \cap \mathrm{IRR}(S)$) allows an effective specification for
which the intersection with the regular set $\mathrm{IRR}(P)$ can be determined effectively.

If $(\Sigma; S)$ is a finite, weight-reducing, and confluent presentation of a group
and $U \subseteq \Sigma^*$ is a finite set, then it is still an open problem whether or not
the set $\Delta_S^*(U^*)$ is necessarily regular. However, if we restrict the set $\Delta_S^*(U^*)$
to only those strings that are obtained by left-most reductions, then this subset
$\Delta_{L,S}^*(U^*)$ of $\Delta_S^*(U^*)$ can be shown to always be regular. In fact, a finite-state
acceptor for this language can be constructed effectively. Since
$\Delta_{L,S}^*(U^*) \cap \mathrm{IRR}(S) = \Delta_S^*(U^*) \cap \mathrm{IRR}(S)$, we obtain a finite-state acceptor for
the set $\Delta_S^*(U^*) \cap \mathrm{IRR}(P)$. This gives the following decidability result.

Proposition 11.

Let $(\Sigma; S)$ be a finite, weight-reducing, and confluent presentation of a group,
and let $P_U$ be a finite set of prefix-rules on $\Sigma$ such that the set
$U := \{uv^{-1} \mid (u, v) \in P_U\}$ is closed under taking inverses, and $P := P_U \cup P_S$ is noetherian.
Then it is decidable whether the prefix-rewriting system $P$ is $\lambda$-confluent.

Now assume that $(\Sigma; S)$ is a finite, weight-reducing, and confluent presentation
of a group $G$, let $U \subseteq \Sigma^+$ be a finite set that is closed under taking
inverses, and let $P_U := \{(u, \lambda) \mid u \in U\}$. From $(\Sigma; S)$ and $U$ we can construct
a finite-state acceptor $A = (Q, \Sigma, q_0, F, \delta)$ for the language $\Delta_S^*(U^*) \cap \mathrm{IRR}(S)$.
From $A$ we extract a finite set of prefix-rules $P_U'$ as follows, where we identify $A$
with its state graph in order to simplify the notation:

(i) For every simple path in $A$ leading from the initial state $q_0$ to a final state
$q_f \in F$, which does not pass through any final state, we put the rule $(x, \lambda)$
into $P_U'$, where $x$ is the label along the path considered.

(ii) For every path $p$ in $A$ from $q_0$ to a final state $q_f \in F$, which does not
pass through any final state, and which can be partitioned into three parts
$p = p_1, p_2, p_3$ such that $p_1$ is a simple path, and $p_2$ is a simple loop, we
put the rule $(x_1 x_2, x_1)$ into $P_U'$, where $x_i$ is the label along the subpath $p_i$,
$i = 1, 2$.

Obviously, $P_U'$ is a finite set of prefix-rules that can effectively be obtained
from $A$. For $w \in \langle U \rangle$ there exists a unique string $w_0 \in \mathrm{IRR}(S)$ such that
$w \to_S^* w_0$. Since $w \in \langle U \rangle$, $w_0 \in \Delta_S^*(U^*) \cap \mathrm{IRR}(S)$, and hence, $w_0$ is accepted by $A$.
From the construction of $P_U'$ it follows that $w \Rightarrow_{P'}^* \lambda$ holds, where $P' := P_U' \cup P_S$.
Since $u \sim_U v$ holds for each rule $(u, v) \in P_U'$, it follows that $\Leftrightarrow_{P'}^* = \sim_U$, and $P'$
is confluent on $[\lambda]_{\sim_U}$.

Proposition 12.

Let $(\Sigma; S)$ be a finite, weight-reducing, and confluent presentation of a group $G$,
and let $U \subseteq \Sigma^+$ be a finite set. Then a finite set of length-reducing prefix-rules $P_U'$
can be determined effectively such that the prefix-rewriting system $P := P_U' \cup P_S$
is confluent on $[\lambda]_P$ and $\Leftrightarrow_P^* = \sim_U$.

Actually, this construction carries over to the case of groups that are presented
through finite and monadic string-rewriting systems that are only confluent
on the congruence class of the empty string.

Finally, we want to address automatic structures for monoids, which is a
fairly recent development. An automatic structure for a monoid-presentation
$(\Sigma; S)$ can be interpreted as a finite description of the multiplication table of
the monoid $M_S$. Originally automatic structures were developed for groups (see
[19] for a detailed presentation), but recently automatic structures have also
been considered for semigroups and monoids.

In order to define automatic structures we need the following definition as 
we will be dealing with infinite sets of pairs of strings that are to be recognized 
by finite-state acceptors. 

Let $\Sigma$ be a finite alphabet, and let $\# \notin \Sigma$ be an additional “padding” symbol.
Then by $\Sigma_\#$ we denote the following finite alphabet:

$\Sigma_\# := ((\Sigma \cup \{\#\}) \times (\Sigma \cup \{\#\})) \setminus \{(\#, \#)\}$.

This alphabet is called the padded extension of $\Sigma$. An encoding
$\nu : \Sigma^* \times \Sigma^* \to \Sigma_\#^*$ is now defined as follows:

if $u := a_1 a_2 \cdots a_n$ and $v := b_1 b_2 \cdots b_m$, where $a_1, \ldots, a_n, b_1, \ldots, b_m \in \Sigma$, then

$$\nu(u, v) := \begin{cases}
(a_1, b_1)(a_2, b_2) \cdots (a_m, b_m)(a_{m+1}, \#) \cdots (a_n, \#), & \text{if } m < n, \\
(a_1, b_1)(a_2, b_2) \cdots (a_m, b_m), & \text{if } m = n, \\
(a_1, b_1)(a_2, b_2) \cdots (a_n, b_n)(\#, b_{n+1}) \cdots (\#, b_m), & \text{if } m > n.
\end{cases}$$



A prefix-rewriting system $P$ on $\Sigma$ is called synchronously regular, s-regular
for short, if $\nu(P)$ is accepted by some finite-state acceptor over $\Sigma_\#$. Obviously,
if $P$ is s-regular, then dom($P$) and range($P$), and therewith also RED($P$) and
IRR($P$), are regular languages.

An automatic structure for a finitely generated monoid-presentation $(\Sigma; S)$
consists of finite-state acceptors $W$ over $\Sigma$ and $M_=$ and $M_a$ ($a \in \Sigma$) over $\Sigma_\#$
satisfying the following conditions:

(0.) $L(W) \subseteq \Sigma^*$ is a complete set of (not necessarily unique) representatives for
the monoid $M_S$, that is, $L(W) \cap [u]_S \neq \emptyset$ holds for each $u \in \Sigma^*$,

(1.) $L(M_=) = \{\nu(u, v) \mid u, v \in L(W) \text{ and } u \leftrightarrow_S^* v\}$, and

(2.) for all $a \in \Sigma$, $L(M_a) = \{\nu(u, v) \mid u, v \in L(W) \text{ and } ua \leftrightarrow_S^* v\}$.

Actually, one may require that the set $L(W)$ is a cross-section for $M_S$, in
which case we say that we have an automatic structure with uniqueness. In
this situation the finite-state acceptor $M_=$ is trivial, and hence, it will not be
mentioned explicitly.

A monoid-presentation is called automatic if it has an automatic structure,
and a monoid is called automatic if it has an automatic presentation. Automatic
monoids have word problems that are decidable in quadratic time based on
the automatic structure. For automatic groups many additional nice properties
have been obtained, while for automatic monoids in general the situation is
not quite as nice. Here we are interested in automatic structures with
uniqueness, for which the set of representatives considered is in addition
prefix-closed. It is an open problem whether or not every automatic group does have
an automatic structure with this additional property. But at least the following
characterization can be obtained.



Proposition 13. 

Let $(\Sigma; S)$ be a finitely generated monoid-presentation. Then the following two
statements are equivalent:

(a) There exists an automatic structure $(W, M_a\ (a \in \Sigma))$ with uniqueness for
$(\Sigma; S)$ such that the set $L(W)$ is prefix-closed.

(b) There exists an s-regular canonical prefix-rewriting system $P$ on $\Sigma$ that is
equivalent to $S$, that is, the left-congruence $\Leftrightarrow_P^*$ coincides with the Thue
congruence $\leftrightarrow_S^*$.

There exists a group with a finite convergent presentation, which does not
admit an automatic structure. Hence, no finitely generated presentation of
this group has an s-regular canonical prefix-rewriting system that defines the
corresponding Thue congruence.

The monoid N of ^3 has an automatic structure that is based on a regular 
cross-section that is the set of irreducible strings modulo some infinite left-regular 
convergent string-rewriting system. Hence, this set is certainly prefix-closed and 
so Proposition 13 shows that this presentation of $N$ admits an s-regular canonical
prefix-rewriting system. However, $N$ does not admit any finite convergent
presentation. These observations yield the following result. 

Corollary 3. The class of finitely presented monoids that admit a finite con- 
vergent presentation and the class of finitely presented monoids that admit an 
s-regular canonical prefix-rewriting system are incomparable under set inclusion. 



4 Church-Rosser Languages 

In the previous sections we have seen how techniques from automata theory have 
been used to establish properties for string-rewriting systems. Here we show that 
also rewriting theory has had some influence on formal language theory. 

Definition 1. [33]

(a) A language $L \subseteq \Sigma^*$ is a Church-Rosser language (CRL) if there exist an
alphabet $\Gamma \supsetneq \Sigma$, a finite, length-reducing, confluent string-rewriting system
$R$ on $\Gamma$, two strings $t_1, t_2 \in (\Gamma \setminus \Sigma)^* \cap \mathrm{IRR}(R)$, and a letter
$Y \in (\Gamma \setminus \Sigma) \cap \mathrm{IRR}(R)$ such that, for all $w \in \Sigma^*$, $t_1 w t_2 \to_R^* Y$ if and only if $w \in L$.

(b) A language $L \subseteq \Sigma^*$ is a Church-Rosser decidable language (CRDL) if there
exist an alphabet $\Gamma \supsetneq \Sigma$, a finite, length-reducing, confluent string-rewriting
system $R$ on $\Gamma$, two strings $t_1, t_2 \in (\Gamma \setminus \Sigma)^* \cap \mathrm{IRR}(R)$, and two distinct
letters $Y, N \in (\Gamma \setminus \Sigma) \cap \mathrm{IRR}(R)$ such that, for all $w \in \Sigma^*$, the following
statements hold:

• $t_1 w t_2 \to_R^* Y$ if and only if $w \in L$, and

• $t_1 w t_2 \to_R^* N$ if and only if $w \notin L$.
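Definition 1(a) instantiated for $L = \{a^n b^n \mid n \geq 0\}$, as an added example that is not taken from the paper: the system `R`, the end markers `[` and `]` (playing the roles of $t_1$ and $t_2$) and all function names are constructed here. The normal form is computed by left-most reduction with two pushdown stores, which is why membership takes linear time.

```python
# Added illustration of a Church-Rosser language.
# Assumed alphabets: Sigma = {a, b}, Gamma = Sigma ∪ {"[", "]", "Y"}.
SIGMA = set("ab")
R = [("aabb", "ab"), ("[ab]", "Y"), ("[]", "Y")]   # constructed, length-reducing


def has_overlap(rules):
    """True if two left-hand sides overlap, i.e. the system has a critical pair.

    A noetherian system without critical pairs is confluent, so for a
    length-reducing system a False result certifies confluence.
    """
    lhss = [lhs for lhs, _ in rules]
    for i, l1 in enumerate(lhss):
        for j, l2 in enumerate(lhss):
            if i != j and l2 in l1:                    # one lhs inside another
                return True
            for k in range(1, min(len(l1), len(l2))):  # proper suffix = proper prefix
                if l1[-k:] == l2[:k]:
                    return True
    return False


def normal_form(word, rules):
    """Left-most reduction with two pushdown stores; returns (normal form, steps).

    `left` always holds an irreducible prefix, `right` the unread rest with the
    next letter on top. A redex can therefore only end at the top of `left`.
    """
    rhs_of = dict(rules)
    max_lhs = max(len(lhs) for lhs in rhs_of)
    left, right, steps = [], list(reversed(word)), 0
    while right:
        left.append(right.pop())
        for k in range(1, min(max_lhs, len(left)) + 1):
            suffix = "".join(left[-k:])
            if suffix in rhs_of:
                del left[-k:]                            # pop the left-hand side
                right.extend(reversed(rhs_of[suffix]))   # re-scan the right-hand side
                steps += 1
                break
    return "".join(left), steps


def accepts(w):
    """w in L  iff  [ w ]  reduces to Y modulo R."""
    if not set(w) <= SIGMA:
        raise ValueError("input must be a string over {a, b}")
    return normal_form("[" + w + "]", R)[0] == "Y"


if __name__ == "__main__":
    print(has_overlap(R))                  # no critical pairs, so R is confluent
    print(normal_form("[aaabbb]", R))
    print([w for w in ("", "ab", "aabb", "aab", "ba", "abab") if accepts(w)])
```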

By admitting weight-reducing instead of length-reducing string-rewriting systems
in the definition, we obtain the class GCRL of generalized Church-Rosser
languages. Obviously, the membership problem for a GCRL is decidable in
linear time, and so GCRL is contained in the class CSL of context-sensitive
languages. Further, it is shown in [33] that each deterministic context-free language
is a Church-Rosser decidable language, while there exist languages in CRDL
that are not context-free. Hence, we have the following sequence of inclusions:

$\mathrm{DCFL} \subset \mathrm{CRDL} \subseteq \mathrm{CRL} \subseteq \mathrm{GCRL} \subset \mathrm{CSL}$.

However, while it was conjectured in |3 that the class CFL of context-free 
languages is not contained in CRL, this remained open at the time. 

Another subclass of CSL that received quite some attention in the literature 
is the class GCSL of growing context-sensitive languages. Here a language is 
called growing context-sensitive if it is generated by a growing context-sensitive
grammar, that is, a grammar $G = (N, \Sigma, S, P)$ satisfying the following conditions:

1. the start symbol $S$ does not occur on the right-hand side of any production,
and

2. for each production $(\ell, r) \in P$, $|\ell| < |r|$ or $\ell = S$.

In Q Dahlhaus and Warmuth proved that the membership problem for 
a growing context-sensitive language can be solved in polynomial time. In ^ 
Buntrock and Otto introduced the following type of automaton in order to char- 
acterize the class GCSL of growing context-sensitive languages. 



Definition 2.

(a) A two-pushdown automaton (TPDA) is a nondeterministic automaton with
two pushdown stores. Formally, it is a 7-tuple $M = (Q, \Sigma, \Gamma, \delta, q_0, \bot, F)$,
where

- $Q$ is the finite set of states,

- $\Sigma$ is the finite input alphabet,

- $\Gamma$ is the finite tape alphabet with $\Gamma \supsetneq \Sigma$ and $\Gamma \cap Q = \emptyset$,

- $q_0 \in Q$ is the initial state,

- $\bot \in \Gamma \setminus \Sigma$ is the bottom marker of the pushdown stores,

- $F \subseteq Q$ is the set of final (or accepting) states, and

- $\delta : Q \times \Gamma \times \Gamma \to 2^{Q \times \Gamma^* \times \Gamma^*}$ is the transition relation, where $\delta(q, a, b)$ is
a finite set for each triple $(q, a, b) \in Q \times \Gamma \times \Gamma$.

$M$ is a deterministic two-pushdown automaton (DTPDA), if $\delta$ is a (partial)
function from $Q \times \Gamma \times \Gamma$ into $Q \times \Gamma^* \times \Gamma^*$.

(b) A (DTPDA) TPDA $M$ is called shrinking if there exists a weight function
$\varphi : Q \cup \Gamma \to \mathbb{N}_+$ such that, for all $q \in Q$ and $a, b \in \Gamma$, if
$(p, u, v) \in \delta(q, a, b)$, then $\varphi(puv) < \varphi(qab)$. By sTPDA and sDTPDA we denote the
corresponding classes of shrinking automata.

A configuration of a (DTPDA) TPDA $M$ can be described as $uqv$ with $q \in Q$
and $u, v \in \Gamma^*$, where $u$ is the contents of the first pushdown store with the first
letter of $u$ at the bottom and the last letter of $u$ at the top, $q$ is the current
state, and $v$ is the contents of the second pushdown store with the last letter of
$v$ at the bottom and the first letter of $v$ at the top. $M$ induces a computation
relation $\vdash_M^*$ on the set of configurations, which is the reflexive, transitive closure
of the single-step computation relation $\vdash_M$ (see, e.g., For an input string

$w \in \Sigma^*$, the corresponding initial configuration is $\bot q_0 w \bot$. $M$ accepts by empty
pushdown stores:

$L(M) := \{w \in \Sigma^* \mid \exists q \in F : \bot q_0 w \bot \vdash_M^* q\}$.

Buntrock and Otto established the following characterization for the classes 
of languages that are accepted by nondeterministic or deterministic shrinking 
TPDAs, respectively. 
Proposition 14.

(a) A language is accepted by some shrinking TPDA if and only if it is growing
context-sensitive.

(b) A language is accepted by some shrinking DTPDA if and only if it is a
generalized Church-Rosser language.

Thus, the generalized Church-Rosser languages can be viewed as the de- 
terministic variants of the growing context-sensitive languages. Further, it is 
observed in Q that the language L = {ww | w G {a, b}~^} does not belong 
to the class GCSL. Since the class GCRL is clearly closed under complement 
due to Proposition 14(b), it follows that the language = {a,b}* \ L is a
context-free language that is not generalized Church-Rosser. This finally settled 
the conjecture of mentioned above. 

Finally, Niemann and Otto showed that each sDTPDA can be simulated
by some finite length-reducing and confluent string-rewriting system, thus
establishing the following equalities.

Proposition 15. The classes CRDL, CRL, and GCRL coincide.

Thus, CRL is incomparable with the class CFL under set inclusion, it is
closed under complement and under left and right quotient with a single string.
However, it is not closed under union or intersection, and it is not
closed under homomorphisms, since CRL is a basis for the recursively enumerable
languages. Since CFL is a full abstract family of languages, this
indicates a certain duality between CRL and CFL. Based on a generalization
of the so-called restarting automata with rewriting this duality is further
explored in

5 Ground Term-Rewriting Systems 

Finally we turn to rewriting systems over terms. For the following considerations
let $F$ denote a finite signature, that is, $F$ is a finite set of function symbols, each
of which is associated with a fixed arity. For each $n \geq 0$, $F_n$ is the subset of $F$
consisting of the function symbols of arity $n$. The elements of $F_0$ are called
constants. To avoid degenerate cases we will always assume that the set of constants
is non-empty.

The set of terms $T(F)$ is defined inductively as follows:

(1.) Each constant is a term.

(2.) If $f \in F_n$ for some $n > 0$ and $t_1, \ldots, t_n \in T(F)$, then $f(t_1, \ldots, t_n)$ is a term.

Actually, since they do not contain any variables, the terms considered here are 
usually called ground terms. However, we call them simply terms here, as we will 
not consider terms with variables until the next section. 

A term $t \in T(F)$ can be seen as a finite ordered tree, the leaves of which are
labeled with constants and the internal nodes of which are labeled with function
symbols of positive arity such that the outdegree of an internal node equals the
arity of its label. Thus, a position within a term can be represented - in Dewey
decimal notation - as the sequence of positive integers which describes the path
from the root to that position. Accordingly, the set $O(t)$ of occurrences of the
term $t$ is the set of sequences of positive integers describing the positions in $t$.
The length of the longest of these sequences is called the depth of the term $t$,
which is denoted as depth($t$), and the number of sequences in $O(t)$ is the size of
$t$, denoted as size($t$). For $p \in O(t)$, $t/p$ denotes the subterm of $t$ at occurrence $p$.
If $s$ is another term, then $t[p \leftarrow s]$ denotes the term that is obtained by replacing
the subterm of $t$ at occurrence $p$ by the term $s$.

A ground term-rewriting system $R$ is a subset of $T(F) \times T(F)$, the elements
of which are called (rewrite) rules. The reduction relation associated with a
ground term-rewriting system $R$ is the reflexive and transitive closure $\to_R^*$ of
the following single-step reduction relation: $s \to_R t$ if and only if there exist an
occurrence $p \in O(s)$ and a rule $(\ell \to r) \in R$ such that $s/p = \ell$ and $t = s[p \leftarrow r]$.
A term $t$ is said to be in normal form or irreducible modulo the ground
term-rewriting system $R$ if no reduction can be applied to $t$. By $\mathrm{IRR}(R)$ we denote
the set of all these irreducible terms, and $\mathrm{RED}(R) = T(F) \setminus \mathrm{IRR}(R)$ is the set
of reducible terms.

The equational theory that is associated with a ground term-rewriting system
$R$ is the congruence $=_R$ that is generated by the reduction relation $\to_R$, that is,
it is the congruence $(\to_R \cup \leftarrow_R)^*$.

A ground term-rewriting system $R$ is called noetherian, (locally) confluent,
or convergent if the reduction relation $\to_R$ has the corresponding property. It is
depth-reducing if $\mathrm{depth}(\ell) > \mathrm{depth}(r)$ holds for each rule $\ell \to r$ of $R$. Finally, $R$
is called interreduced if $\mathrm{range}(R) \subseteq \mathrm{IRR}(R)$ and $\ell \in \mathrm{IRR}(R \setminus \{\ell \to r\})$ for each
rule $(\ell \to r) \in R$. If $R$ is convergent and interreduced, then it is called canonical.

A term language over $F$ is a subset of $T(F)$. As for strings, term languages
can be defined by formal grammars and by various types of automata. Here we
are mainly interested in the class of regular term languages which can be defined
as follows.

A non-deterministic bottom-up tree automaton (NBUTA) is given through
a 4-tuple $A = (Q, F, R_A, Q_a)$, where $Q$ is a finite set of states, $F$ is a finite
signature, $Q_a \subseteq Q$ is the set of accepting states, and $R_A$ is a ground
term-rewriting system on the signature $F \cup Q$, where each state symbol from $Q$ is
considered as a new constant. The rules of $R_A$ are of the form

(i) $c \to q$, where $c \in F_0$ and $q \in Q$, and

(ii) $f(q_1, \ldots, q_n) \to q$, where $f \in F_n$ for some $n > 0$ and $q_1, \ldots, q_n, q \in Q$.

$A$ is a deterministic bottom-up tree automaton (BUTA), if $R_A$ does not contain
two rules with the same left-hand side. The language $L(A)$ accepted by $A$ is
defined as $L(A) = \{t \in T(F) \mid t \to_{R_A}^* q \text{ for some } q \in Q_a\}$. A language $L \subseteq T(F)$
is regular if and only if it is accepted by some NBUTA, and this is the case if
and only if it is accepted by some BUTA.

For a finite ground term-rewriting system $R$, a BUTA $A$ can easily be
constructed such that $L(A) = \mathrm{RED}(R)$. Since the class of regular term languages is
effectively closed under complement, we also obtain a BUTA for the set of
irreducible terms $\mathrm{IRR}(R)$. Thus, $\mathrm{RED}(R)$ and $\mathrm{IRR}(R)$ are regular term languages.

In contrast to the situation for string-rewriting systems (or for that matter
general term-rewriting systems) it is decidable whether or not a finite ground
term-rewriting system is noetherian. Further, even confluence is decidable
for these systems. Oyamaguchi’s proof, which is combinatorically quite
involved, reduces the confluence property of finite ground-term rewriting systems
to the equivalence problem for non-deterministic top-down tree automata,
while Dauchet and his co-authors invented a new kind of transducer to describe
the confluence property.

A ground tree transducer (GTT) consists of a pair $(G, D)$ of NBUTAs
$G = (Q_G, F, R_G, Q_G)$ and $D = (Q_D, F, R_D, Q_D)$ such that $Q_G \cap Q_D$ is non-empty.
The relation — on T{F) that is induced by (G, D) is defined as follows: 



If a binary relation $\sim$ on $T(F)$ coincides with the relation induced
by a GTT, then $\sim$ is called a GTT-relation.



Proposition 16. 




(1.) The inverse of a GTT-relation is a GTT-relation. 

(2.) The semi-congruence closure of a GTT-relation is a GTT-relation.
(3.) The composition of two GTT-relations is a GTT-relation. 



In fact, these closure properties are effective in that, given a GTT for a
relation, a GTT for the inverse relation can be constructed effectively,
and similarly for the other two operations.

Now from a finite ground term-rewriting system $R$ a GTT $A_R$ can be
constructed for the reduction relation on $T(F)$. From $A_R$ we obtain GTTs

Adiverge and Aconverge, where Adiverge realizes the relation o and 

Aconverge realizes the relation — o Observe that R is confluent if and 
only if^flO— Hence, the test for confluence of R is reduced 
to the inclusion problem for two GTT-relations. Since the inclusion of GTT- 
relations is decidable ^3^3, this immediately yields the announced decidability 
result. 



Corollary 4.

The confluence property is decidable for finite ground term-rewriting systems. 



Based on the same technique Dauchet and Tison even show that the first- 
order theory of a ground term-rewriting system is decidable.

We close this section with a remarkable observation concerning interreduced
ground term-rewriting systems. Note that the following considerations also apply
to prefix-rewriting systems, as a prefix-rewriting system on some alphabet $\Sigma$ can
be interpreted as a ground term-rewriting system on the signature $F_\Sigma$.

Let R be a ground term-rewriting system that is interreduced. Then
range(R) ⊆ IRR(R), and hence, it is easily seen that R is noetherian. Further, the
left-hand side of no rule of R contains the left-hand side of another rule as a
subterm. Therefore, R has no critical pairs at all, and hence, it is also
confluent. Hence, we have the following characterization.

Proposition 17.

A ground term-rewriting system is canonical if and only if it is interreduced. 

Thus, by interreduction a finite ground-term rewriting system R that is
noetherian can be transformed into an equivalent finite system $R_0$ that is
canonical. By reorienting some of its rules if necessary, R can always be turned
into an equivalent system that is noetherian. This yields the following result.



Corollary 5. For each finite ground term-rewriting system an equivalent finite 
ground term-rewriting system can effectively be determined that is canonical. 



In fact this process can be performed in time O(n log n) exploiting
Shostak’s congruence closure algorithm ^3. Also see ^3 for a discussion of this 
algorithm and its relation to completion of ground term-rewriting systems. 



6 Term-Rewriting Systems 

In this section we will consider terms with variables, which we will again simply 
call terms. Accordingly, the terms without variables considered in the previous 
section will be called ground terms in the following. 

Let F be a finite signature, and let V be a countable set of variables. Then
T(F, V) denotes the set of terms generated by F and V. As before T(F) denotes
the subset of ground terms of T(F, V). For a term t ∈ T(F, V), Var(t) denotes
the set of variables that have occurrences in t. If no variable occurs more than
once in t, then t is called a linear term.

A substitution is a mapping $\sigma : V \to T(F, V)$ such that $\sigma(v) = v$ holds for
almost all variables v. It can uniquely be extended to a morphism
$\sigma : T(F, V) \to T(F, V)$.

A term-rewriting system R is a (finite) set of rules $R = \{\ell_i \to r_i \mid i \in I\}$,
where $\ell_i$ and $r_i$ are terms from T(F, V). While ground term-rewriting systems
can be seen as a generalization of the prefix-rewriting systems considered in 
Section^ term-rewriting systems are the corresponding generalization of string- 
rewriting systems to general finite signatures. 

A term t is reducible modulo R if there is a rule $\ell \to r$ in R, an occurrence
$p \in O(t)$, and a substitution $\sigma$ such that $\sigma(\ell) = t/p$. The term
$t[p \leftarrow \sigma(r)]$ is the result of reducing t by $\ell \to r$ at p, and this
reduction is written as $t \to_R t[p \leftarrow \sigma(r)]$. The reduction relation $\to_R^*$
associated with the term-rewriting system R is the reflexive and transitive
closure of this single-step reduction relation $\to_R$. A
term t is said to be in normal form or irreducible modulo R if no reduction can
be applied to t. By IRR(R) we denote the set of all those ground terms that are
irreducible, and RED(R) is the set T(F) \ IRR(R) of reducible ground terms.

As for ground term-rewriting systems the equational theory that is associated
with a term-rewriting system R is the congruence $=_R$ that is generated by the
reduction relation $\to_R$, that is, it is the congruence $\leftrightarrow_R^*$. Usually we are
only interested in the restriction of this congruence to ground terms.

A term-rewriting system is called noetherian, (locally) confluent, convergent
or canonical if the induced reduction relation has the corresponding property. It
is called left-linear if the left-hand side of each rule of R is a linear term.

If R is a finite term-rewriting system that is left-linear, then a regular tree
grammar can easily be constructed from R that generates the set RED(R) of
reducible ground terms. Hence, we have the following result.

Proposition 18. 

For a finite term-rewriting system that is left-linear the set of irreducible ground 
terms as well as the set of reducible ground terms is a regular term language. 

The left-linearity of the term-rewriting system considered is a crucial
hypothesis for Proposition 18, as a finite non-left-linear system can easily be constructed
for which the set of irreducible ground terms is not regular. However, some fi- 
nite systems yield regular sets of irreducible ground terms although they are not 
left-linear. An example in kind is the following system which is essentially taken 
from 

    eq(x, x) → s(0),           eq(0, s(x)) → 0,
    eq(s(x), 0) → 0,           eq(s(x), s(y)) → eq(x, y),
    eq(eq(x, y), z) → 0,       eq(x, eq(y, z)) → 0,
    s(eq(x, y)) → 0.

Thus, the question arises whether there are regular tree languages that occur 
as sets of irreducible ground terms for some finite term-rewriting systems that 
are not left-linear, but that do not occur as sets of irreducible ground terms for 
any finite left-linear systems. Surprisingly this is not the case. 

Proposition 19.

For a finite term-rewriting system R, if IRR(R) is a regular term language, then
there exists a finite left-linear system $R_{lin}$ such that IRR($R_{lin}$) = IRR(R).

In fact, $R_{lin}$ consists of linear instantiations of rules of R. By associating
with each transition rule of a top-down tree automaton a regular set of ground 
terms governing the applicability of that rule, the class of deterministic top-down 
tree automata with prefix look-ahead is defined in It yields the following 
characterization.

Proposition 20.

A term language L ⊆ T(F) is recognized by a one-state deterministic top-down
tree automaton with prefix look-ahead if and only if there exists a finite
term-rewriting system R satisfying IRR(R) = L.

Thus, the one-state deterministic top-down tree automata with prefix
look-ahead, the finite left-linear term-rewriting systems, and the finite
term-rewriting systems that are not left-linear all define the same subclass of
the class of all regular term languages. In addition, the following decidability
result holds.

Proposition 21.

Given a finite term-rewriting system R, it is decidable whether or not IRR(R)
is a regular term language. If IRR(R) is indeed a regular term language, then a
linear instantiation $R_{lin}$ of R can be constructed such that
IRR($R_{lin}$) = IRR(R) holds.



A term-rewriting system R on a signature F is called F-regularity preserving
if, for each regular term language L ⊆ T(F), the set $\Delta_R^*(L)$ of all descendants
is again regular. It is called regularity preserving if it is F-regularity preserving
for each signature F containing all the function symbols that actually occur in
the rules of R.

If F := {f, g, a}, where f and g are unary symbols and a is a symbol of
arity 0 (a constant), then for
R := {f(g(x)) → f(f(g(g(x)))), f(a) → a, g(a) → a, a → f(a), a → g(a)}
it is easily seen that $\Delta_R^*(t) = T(F)$ holds for all ground
terms t ∈ T(F). However, if $F_1 := F \cup \{h\}$, where h is another unary function
symbol, then $\Delta_R^*(f(g(h(a)))) = \{f^n(g^n(h(t))) \mid t \in T(F)\}$, which is not regular.
Thus, R does preserve F-regularity, but not $F_1$-regularity. Obviously the
ground rules contained in R are responsible for this, since the subsystem
R' := {f(g(x)) → f(f(g(g(x))))} of R does not even preserve F-regularity.
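The descendant sets in this example can be enumerated mechanically. The following Python sketch is an added illustration, not part of the original paper: since all function symbols are unary, a ground term such as f(g(h(a))) is written as the string "fgha", and the function names and the length bound are assumptions of the sketch.

```python
from collections import deque


def successors(term):
    """All terms reachable from `term` in one rewrite step of R.

    A term over the unary symbols f, g, h and the constant a is a string
    ending in "a"; for instance "fgha" stands for f(g(h(a))).
    """
    out = set()
    # f(g(x)) -> f(f(g(g(x)))) applies at every occurrence of the factor "fg".
    for i in range(len(term) - 1):
        if term[i:i + 2] == "fg":
            out.add(term[:i] + "ffgg" + term[i + 2:])
    body = term[:-1]                      # everything above the constant a
    # Ground rules f(a) -> a and g(a) -> a act on the innermost symbol.
    if body.endswith(("f", "g")):
        out.add(body[:-1] + "a")
    # Ground rules a -> f(a) and a -> g(a).
    out.add(body + "fa")
    out.add(body + "ga")
    return out


def descendants(start, max_len):
    """Descendants of `start` whose string length is at most `max_len`.

    Every descendant can be reached through terms that are no longer than
    itself (the symbols above h only grow, the part below h can be built up
    symbol by symbol), so the length bound does not lose any bounded term.
    """
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in successors(queue.popleft()):
            if len(nxt) <= max_len and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


if __name__ == "__main__":
    for t in sorted(descendants("fgha", 7), key=lambda s: (len(s), s)):
        print(t)
```

Over F every term is a descendant of every other term, while above the symbol h the only reachable prefixes are f^n g^n, which is the source of the non-regularity.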

It is well-known that the property of being F-regularity preserving is
undecidable in general. In fact, this property is even undecidable for finite
string-rewriting systems. On the other hand, while for term-rewriting
systems the property of regularity preservation depends on the actually chosen
signature as indicated by the example above, this is not true for string-rewriting
systems. Actually, we have the following result.

Proposition 22.

Let S be a string-rewriting system on $\Sigma$, let $F_\Sigma = \Sigma \cup \{¢\}$, where ¢ is a constant
and each letter from $\Sigma$ is interpreted as a unary function symbol, and let $R_S$ be
the term-rewriting system $R_S = \{\ell(x) \to r(x) \mid (\ell, r) \in S\}$ on $F_\Sigma$. Then $R_S$ is
regularity preserving if and only if it preserves $F_\Sigma$-regularity.

On the other hand it is known that certain restricted classes of term-rewriting
systems are regularity preserving. This applies to those systems that contain only
ground rules, to term-rewriting systems that are right-linear and monadic,
that are linear and semi-monadic, or that are linear and generalized
semi-monadic.

While we refer to the literature for the other notions mentioned above, we
recall the definition of monadic term-rewriting systems. These systems were
introduced by Book and Gallier as a direct generalization of the monadic
string-rewriting systems. A term-rewriting system R is called monadic if it is
left-linear and if depth(r) ≤ 1 holds for each rule $\ell \to r$ of R.

The process of reduction with respect to a finite monadic term-rewriting
system that is noetherian can be realized by a tree pushdown automaton (TreePDA).
For a TreePDA A, L(A, B) denotes the set of all ground terms t for which
there exists an accepting computation of A that, while processing t, produces a
term from B.

Proposition 23.

Let R be a finite monadic term-rewriting system that is convergent. Then for 
every regular tree language B, there exists a deterministic TreePDA A such that 
L{A, B) coincides with the set of terms = UlWfl \ t G B D IRR(i?)}. 

As shown by K. Salomaa the deterministic tree pushdown automata
of Gallier and Book are more powerful than the corresponding automata of
Schimpf. An investigation of various classes of tree pushdown automata
and a generalization of the results on monadic term-rewriting systems to semi- 
monadic systems can be found in 

The technique for deciding linear sentences (see Proposition^ can obviously 
be lifted to those finite convergent term-rewriting systems which are effectively 
regularity preserving and for which the set of irreducible ground terms is regular. 
In particular, this has the following consequence. 

Corollary 6.

The validity of linear sentences is decidable for finite convergent term-rewriting 
systems that are (1.) linear and monadic, or (2.) linear and semi-monadic, or 
(3.) linear generalized semi-monadic. 

There are many more applications of tree automata to rewriting systems.
For example, Comon shows that strong sequentiality of left-linear rewriting
systems and NV-sequentiality of linear rewriting systems are definable in
WSkS, the weak second-order monadic logic of k successor functions, by
exploiting the correspondence between this logic and tree automata.
Following Comon's approach Jacquemard shows that sequentiality is decidable for
each linear rewriting system that is growing.

Further, finite test sets have been found to be a useful tool for deciding the 
membership problem for the universal closure of a given tree language, that 
is, for deciding whether all the ground instances of a given term belong to the 
language considered. By relating test sets to tree automata and to appropriate 
congruences Hofbauer and Huber obtain characterizations of ground and
non-ground test sets, and they show how to compute and to minimize these test 
sets. 

Finally, by introducing a class of more powerful bottom-up tree automata, 
called reduction automata, Dauchet et al. prove that the first-order theory of
reduction is decidable.

7 Conclusion 

As we have seen automata theory provides essential tools for the study of rewrit- 
ing systems and their properties. On the other hand, rewriting theory has in- 
fluenced the theory of automata considerably in that motivated by problems 
encountered in rewriting theory new classes of automata have been developed. 
In fact, rewriting theory with its many applications to such diverse fields as
automated theorem proving, functional and logic programming, and semigroup
and group theory, to mention just a few, can be seen as one of the main users of
and contributors to automata theory.
Abstract. In a previous work, we have investigated an automata-theoretic
property of numeration systems associated with quadratic Pisot
units that yields, for every such number $\theta$, a certain group $G_\theta$.
In this paper, we characterize a cross-section of a congruence $\gamma_\theta$ of $\mathbb{Z}^4$ that
had arisen when constructing $G_\theta$. In spite of the algebraic connections
and implications of that characterization, the proof is combinatorial, and
based upon rewriting techniques.

The main point is to show that the rewrite system made up by the
relations that generate $\gamma_\theta$, though non-confluent, behaves as if it were
confluent.

In a previous paper, we associated with every quadratic Pisot unit $\theta$ a
certain group $G_\theta$ by means of the construction of an automaton that realizes
the conversion between the representations of the integers in two numeration
systems naturally attached to $\theta$. In this paper, we give a characterization of
a set of representatives for a congruence $\gamma_\theta$ of $\mathbb{Z}^4$ that had been used for
the definition of $G_\theta$. Although the motivations, the framework, and the
implications of this characterization are algebraic, the proof is combinatorial
and uses the techniques of rewriting systems.

The crucial point is to show that the rewriting system formed by the relations
that generate $\gamma_\theta$ behaves like a confluent system although it is not one.



We describe here a rewrite system that we have been led to consider in 
order to characterize a group that is associated with quadratic Pisot units, via 
numeration systems. 

It is straightforward to associate numeration systems to Pisot numbers and 
recent publications have shown spectacular appearances of these systems in dif- 
ferent questions, putting an emphasis on quadratic Pisot units. For instance, 
they are involved in the mathematical description of quasicrystals; and every 
quasicrystal observed so far in the real world is indeed defined by a quadratic 
Pisot unit (see Q). As another example, these numeration systems are also 
present in the realization of arithmetic codings of hyperbolic automorphisms of 
the torus (see [J|). 
There are indeed two numeration systems associated with every Pisot number.
In a previous work of ours, we showed that, in the case of a quadratic Pisot
unit, there exists a finite two-tape automaton that translates the representation
of integers in one system into the representation of the same integer in the other
system. This automaton is fairly complicated (several hundreds of states
in the simplest case where $\theta$ is the golden mean) but, thanks to a series of
decompositions, its description boils down to the computation of a relatively small
group (Z/5Z in the case of the golden mean). This group appears as a certain
subgroup $G_\theta$ of the quotient $H_\theta$ of $\mathbb{Z}^4$ by a certain congruence $\gamma_\theta$, and has been
fully described in Q.

The purpose of this paper is a characterization of a cross-section of that
congruence $\gamma_\theta$ — Theorem 1 — the exact statement of which requires some
more definitions and notation.

We found Theorem 1 of interest for several reasons. First, it gives the key
to the computation in $H_\theta$, hence to the determination of $H_\theta$ itself. Second, the
definition of $\gamma_\theta$ provided by Theorem 1 bears a remarkable similarity with the
description of the symbolic dynamical system associated, by a theorem of Parry,
with Pisot numbers (see B). Due to space limitation, these two aspects will not
be developed here (and are presented in ^). Finally, the only proof we know
for Theorem 1, and which is the subject of this paper, is purely combinatorial
and relies on rewriting techniques; this is remarkable too, for similar results, the
theorem of Parry quoted above for instance, have algebraic, and even analytical,
proofs.

1 The Context 

We first give a glimpse of the automatic conversion between numeration systems, 
based on the example of the Fibonacci system. The reader is referred to Q for 
a complete presentation of the subject and of the result. 

Let $F = \{F_n \mid n \in \mathbb{N}\}$ be the sequence of Fibonacci numbers, defined by
the recurrence relation $F_{n+2} = F_{n+1} + F_n$ and by the “initial conditions”¹
$F_0 = 1$, $F_1 = 2$. It is well-known² that every positive integer can be written
as a sum of Fibonacci numbers; the sequence F together with the two-digit
alphabet A = {0, 1} defines thus the Fibonacci numeration system, i.e. every
integer is represented by a sequence of 0's and 1's. Every integer can be given a
normal representation, which is unique and characterized by the fact it does not
contain two consecutive 1's.

Let $\varphi$ be the golden mean, i.e. the larger zero of

    $P(X) = X^2 - X - 1$,

which is the characteristic polynomial of the above recurrence relation. It is
known (cf. ^ Exercise 1.2.8.35]) that every number x can be written as a sum
of (positive and negative) powers of $\varphi$ and thus can be represented as a sequence
— possibly infinite — of 0's and 1's together with a radix point. Every real
number can be given such a sequence, called its $\varphi$-expansion, which is unique
and characterized by the fact it does not contain two adjacent 1's and does not
terminate by the infinite factor 101010 ....

¹ These are not the “usual” initial conditions but they happen to be the “good” ones
when one wants to turn the Fibonacci sequence into a numeration system.

² and usually credited to Zeckendorf; cf. also the Exercise 1.2.8.34 in Q

Table 1 below gives the Fibonacci normal representation of some integers
together with their $\varphi$-expansion as well as the same $\varphi$-expansion written in the
convenient folded form.



    N     Fibonacci representations     $\varphi$-expansions       Folded $\varphi$-expansions

    1     1                             1.                  1
                                                            0

    5     1000                          1000.1001           1 0 0 0
                                                            1 0 0 1

    10    10010                         10100.0101          1 0 1 0 0
                                                            0 1 0 1 0

    15    100010                        100101.001001       1 0 0 1 0 1
                                                            1 0 0 1 0 0

Table 1. Fibonacci representations and $\varphi$-expansions of some integers
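The rows of Table 1 can be recomputed exactly. The Python sketch below is an added example, not taken from the paper: it uses greedy digit selection for both systems, exact arithmetic on numbers a + bφ with integer a and b, and it assumes the folding rule that can be read off Table 1 (the digit written under φ^k is the coefficient of φ^(-k-1)). All function names are hypothetical.

```python
def fibonacci_representation(n):
    """Normal representation of n >= 1 in the system F_0 = 1, F_1 = 2."""
    fibs = [1, 2]
    while fibs[-1] + fibs[-2] <= n:
        fibs.append(fibs[-1] + fibs[-2])
    digits = []
    for f in reversed(fibs):              # greedy choice, largest term first
        if f <= n:
            digits.append("1")
            n -= f
        else:
            digits.append("0")
    return "".join(digits).lstrip("0") or "0"


def sign(a, b):
    """Sign of a + b*phi, decided with integer arithmetic only."""
    p, q = 2 * a + b, b                   # a + b*phi = (p + q*sqrt(5)) / 2
    if p >= 0 and q >= 0:
        return 1 if (p or q) else 0
    if p <= 0 and q <= 0:
        return -1
    s = p * p - 5 * q * q                 # compares |p| with |q|*sqrt(5)
    if p > 0:
        return 1 if s > 0 else -1
    return 1 if s < 0 else -1


def phi_power(k):
    """phi**k as a pair (a, b) meaning a + b*phi, for any integer k."""
    a, b = 1, 0
    for _ in range(abs(k)):
        # multiply by phi: (a, b) -> (b, a + b); divide: (a, b) -> (b - a, a)
        a, b = (b, a + b) if k > 0 else (b - a, a)
    return a, b


def phi_expansion(n, max_frac=64):
    """Greedy phi-expansion of the integer n >= 1 as (integer part, fraction)."""
    top = 0
    while sign(n - phi_power(top + 1)[0], -phi_power(top + 1)[1]) >= 0:
        top += 1
    x, integer, fraction = (n, 0), [], []
    for k in range(top, -max_frac - 1, -1):
        if k < 0 and x == (0, 0):
            break                         # the expansion is finite and complete
        pa, pb = phi_power(k)
        rest = (x[0] - pa, x[1] - pb)
        if sign(*rest) >= 0:
            x, digit = rest, "1"
        else:
            digit = "0"
        (integer if k >= 0 else fraction).append(digit)
    if x != (0, 0):
        raise ValueError("expansion not finished within max_frac digits")
    return "".join(integer), "".join(fraction)


def folded(n):
    """Folded form: the fractional digits mirrored under the integer digits."""
    integer, fraction = phi_expansion(n)
    return integer, fraction[::-1].rjust(len(integer), "0")


if __name__ == "__main__":
    for n in (1, 5, 10, 15):
        print(n, fibonacci_representation(n), ".".join(phi_expansion(n)), folded(n))
```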
The result proved in Q is the following: 

Theorem A There exists a letter-to-letter finite two-tape automaton that
maps the Fibonacci representation of any integer onto its folded $\varphi$-expansion.

The automaton $A_\varphi$ is not constructed directly. Rather, its construction is
broken up into several steps. The main step in proving Theorem A is the
construction of an automaton $T_\varphi$ that reads words where the letters have been
grouped into blocks of length 4, and with the property that there is at most one
digit 1 in every block. In contrast with $A_\varphi$, this automaton is remarkably
simple (cf. Figure 1). Its transition monoid is the group

Indeed, the result proved in H is a generalization of Theorem A, proving
the property not only for the golden mean $\varphi$ but for any quadratic Pisot unit $\theta$.
And the corresponding automaton $T_\theta$ is computed via its transition monoid $G_\theta$,
a group obtained from by a certain congruence $\gamma_\theta$ which is the subject of the
present paper.

2 The Result 

A quadratic Pisot unit $\theta$ is the root greater than 1 of a polynomial

    $P_\theta(X) = X^2 - rX - \varepsilon$,

with either: $\varepsilon = +1$ and $r \geq 1$ — this will be referred to as Case 1,

or $\varepsilon = -1$ and $r \geq 3$ — this will be referred to as Case 2.



A Rewrite System Associated with Quadratic Pisot Units 359 



Fig. 1. The automaton $T_\varphi$ (partial view: the only transitions represented are
those labelled by 0 0 0 1 (bold arrows), by 0 0 1 0 (dashed arrows) and
by 0 0 0 0 (loops) on the first coordinate; the full label is given for three
transitions only)

The elements of the commutative group $\mathbb{Z}^4$ are seen as “words” of length 4
over the alphabet $\mathbb{Z}$ and $\gamma_\theta$ is the congruence generated by the following
equalities³:
$1\,\bar{r}\,\bar{\varepsilon}\,0 = \bar{r}\,\bar{\varepsilon}\,0\,1 = \bar{\varepsilon}\,0\,1\,\bar{r} = 0\,1\,\bar{r}\,\bar{\varepsilon} = 0\,0\,0\,0$.

Two words in are said to be conjugate⁴ if there exists a circular
permutation of their digits that sends one onto the other.

The definition of the set $R_\theta$ of reduced words depends then upon the case we
consider:

Case 1. $r \geq 1$ and $\varepsilon = +1$. $R_\theta$ is the set of words of with the property that
they, and all their conjugates, are strictly smaller than r 0 r 0 in the
lexicographic order.

Case 2. $r \geq 3$ and $\varepsilon = -1$. $R_\theta$ is the set of words of with the property that
they, and all their conjugates, are different from $(r{-}2)\,(r{-}2)\,(r{-}2)\,(r{-}2)$ and strictly
smaller than $(r{-}1)\,(r{-}2)\,(r{-}2)\,(r{-}2)$ in the lexicographic order.

Theorem 1 Every class of $\mathbb{Z}^4$ modulo $\gamma_\theta$ contains exactly one element in $R_\theta$.

The proof of Theorem 1 is quite different in Case 1 and in Case 2, much
simpler in the latter case. For Case 1, it is first easily established that every class
contains at least one element of $R_\theta$ (Part A). The proof of uniqueness is more
involved. An element, or word, of $\mathbb{Z}^4$ is said to be positive if all its digits belong
to N. We first consider only positive words and we give an orientation to the
defining relations of $\gamma_\theta$. If the rewrite system obtained that way were confluent
— that is to say, if “no matter how one diverges from a common ancestor, there
are paths joining at a common descendent” — the uniqueness of a reduced
positive word would follow from a standard argument. What is developed in
Part B through a detailed analysis is that this reduction “behaves” as if the
system were confluent, though it is not. The last (and easy) step amounts to
verifying that reduction paths through non positive words do not bring any further
possibilities of equivalence between words (Part C). For Case 2, we directly
derive a confluent rewrite system from the defining relations of $\gamma_\theta$.

³ With the convention that if n is an integer, $\bar{n}$ denotes −n.

⁴ Though this is not the conjugacy relation in the group (which is the identity
since is commutative).

⁵ announced, without proof, as Proposition 14 in Q.

3 Proof for Case 1 

Notation and conventions. By definition, $\gamma_\theta$ is generated by the following
relations:

    $1\,\bar{r}\,\bar{1}\,0 = 0\,0\,0\,0$   (1)        $\bar{1}\,0\,1\,\bar{r} = 0\,0\,0\,0$   (3)

    $\bar{r}\,\bar{1}\,0\,1 = 0\,0\,0\,0$   (2)        $0\,1\,\bar{r}\,\bar{1} = 0\,0\,0\,0$   (4)

Any linear combination of these relations gives rise to another relation that
is also satisfied by the congruence $\gamma_\theta$. In particular (1)+(3), and (2)+(4), yield
respectively:

    $0\,\bar{r}\,0\,\bar{r} = 0\,0\,0\,0$   (5)        $\bar{r}\,0\,\bar{r}\,0 = 0\,0\,0\,0$   (6)

The opposite of a relation ($\alpha$) is another relation, denoted by ($\bar{\alpha}$); e.g.

    $\bar{1}\,r\,1\,0 = 0\,0\,0\,0$.   ($\bar{1}$)

By abuse, we denote as the sum $w + (\alpha)$ the digit-addition of w and the
non-zero member of the relation ($\alpha$), $1 \leq \alpha \leq 4$; e.g.

    if $w = x\;y\;u\;t$, then $w + (1) = x{+}1\;\;y{-}r\;\;u{-}1\;\;t$.

The notation extends to subtraction: $w - (\alpha) = w + (\bar{\alpha})$.

If w' is obtained from w by adding one of the four defining relations of $\gamma_\theta$
or of their opposite, we write w ^ w'; if moreover w and w' are both positive, 
we write w w' . If w' is obtained by a sequence of such additions we write 
w ^ w' and such a sequence is called a path from w to w' . If moreover every 
word encountered on the path is positive, we write w w'. By definition, w 
and w' are equivalent modulo yg if, and only if, w w' . 

The four relations (1) to (4) will also be considered as reductions and written 
as such: 



w ^ w + (a) . 

If both w and w + (a) are positive, we write 

w ^ w + (a) 

and we say that w is positively reducible by (a). If it is not the case, w, supposed 
to be positive, is said to be {a) -irreducible. A positive word is called positively 
irreducible, or p-irreducible, if no such reduction is possible. 

Every word in $R_\theta$ is p-irreducible but the converse obviously does not hold;
e.g. $0\;\,r{+}1\;\,0\;\,0$ is p-irreducible but not in $R_\theta$.
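Theorem 1 can be checked by brute force for small r in Case 1. The Python sketch below is an added example, not code from the paper: it assumes that the reduced words are positive words (digits in N), and it uses the fact that the number of classes of Z^4 modulo the congruence equals the absolute value of the determinant of the four relation vectors, so that a set of that size whose elements are pairwise inequivalent is a cross-section. All function names are hypothetical.

```python
from itertools import combinations, product


def relations(r):
    """Non-zero members of relations (1) to (4) for Case 1 (epsilon = +1)."""
    base = (1, -r, -1, 0)                        # relation (1)
    return [base[i:] + base[:i] for i in range(4)]


def det(m):
    """Integer determinant by Laplace expansion along the first row."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j]
               * det([row[:j] + row[j + 1:] for row in m[1:]])
               for j in range(len(m)))


def equivalent(v, w, r):
    """True iff v - w is an integer combination of relations (1) to (4).

    Cramer's rule: the coefficient of relation i is det(M_i) / det(M), where
    M has the relations as rows and M_i has row i replaced by v - w.
    """
    rels = relations(r)
    diff = tuple(a - b for a, b in zip(v, w))
    index = det(rels)
    return all(det(rels[:i] + [diff] + rels[i + 1:]) % index == 0
               for i in range(4))


def rotations(w):
    return [w[i:] + w[:i] for i in range(4)]


def is_reduced(w, r):
    """Positive word all of whose conjugates are strictly below r 0 r 0."""
    return min(w) >= 0 and all(c < (r, 0, r, 0) for c in rotations(w))


def reduced_words(r):
    # A reduced word cannot contain a digit larger than r.
    return [w for w in product(range(r + 1), repeat=4) if is_reduced(w, r)]


def positively_irreducible(w, r):
    """No relation (1) to (4) can be added to w without leaving N^4."""
    return min(w) >= 0 and not any(
        min(a + b for a, b in zip(w, rel)) >= 0 for rel in relations(r))


def representative(w, r):
    """The reduced word equivalent to w (unique by Theorem 1)."""
    found = [v for v in reduced_words(r) if equivalent(v, w, r)]
    if len(found) != 1:
        raise ValueError("expected exactly one reduced representative")
    return found[0]


def cross_section_report(r):
    """(number of reduced words, number of classes, equivalent reduced pairs)."""
    words = reduced_words(r)
    clashes = [(v, w) for v, w in combinations(words, 2)
               if equivalent(v, w, r)]
    return len(words), abs(det(relations(r))), clashes


if __name__ == "__main__":
    for r in (1, 2, 3):
        count, classes, clashes = cross_section_report(r)
        print(r, count, classes, clashes)
    print(representative((0, 3, 0, 0), 2))
```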
In addition to the cases described by these general conventions, we shall also
write

    $0\;r\;0\;r \Rightarrow 0\;0\;0\;0$   and   $r\;0\;r\;0 \Rightarrow 0\;0\;0\;0$,

which state that 0 r 0 r, and r 0 r 0, are positively reducible to 0 0 0 0. But
this word w = 0 r 0 r (resp. w = r 0 r 0) is the only one to which the reduction
(5) (resp. (6)) may be applied, since there would be otherwise even more cases
to be analysed later.

A positive path between two positive words f and g is thus a sequence of
positive reductions following each other either in the direct or in the reverse
direction; e.g.



/ y / + (a) y / + (a) + (/?)— g . 

A last definition: the sum of the digits of an element w of is called the 
weight of w, and is denoted by W(w). A positive word has positive weight but
the converse does not hold. For any w in $\mathbb{Z}^4$ and for any reductions $\alpha$, $\beta$, and $\gamma$
it holds:

W(w + (a)) = W{w+ (a) + (/?) + (7)) = W (w) — r , 

and W {w + {a) + {P)) = W {w) . 

Part A. Every class modulo $\gamma_\theta$ contains positive words, by adding (1) + (3) and
(2) + (4) a sufficient number of times to any word of $\mathbb{Z}^4$.

We show, by case examination, that for any positive word w not in $R_\theta$, it
is possible to find a positive path (of length 1, 2 or 3) that leads to a word w'
which is either in $R_\theta$ or has a weight reduced by r. Hence, from any positive
word there exists a positive path reaching $R_\theta$, for otherwise it would be possible
to build a positive path reaching a word of non positive weight, and thus, non
positive, a contradiction. And then, every class modulo $\gamma_\theta$ contains at least one
element in $R_\theta$.

Let w = x y u t be in and not in $R_\theta$. Without loss of generality, one can
suppose that x and u on one hand, and y and t on the other hand, are not both
greater than r, for otherwise a sequence of reductions (2) + (4) or (1) + (3) could
be used⁶. Similarly, one can suppose that no digit greater than r is followed
by a strictly positive digit for otherwise one of the reductions (1) to (4) could
obviously be used.

Since $\gamma_\theta$ commutes with the circular shift, one can suppose, without loss of
generality, that y u t x is the largest circular factor (in the lexicographic order)
of w = x y u t. Since we suppose that w is not in $R_\theta$, i.e. y u t x is greater
than r 0 r 0 in the lexicographic order, it implies from the above remark that

    $x \leq r - 1$,  $y \geq r + 1$,  $u = 0$  and  $t \leq r - 1$.

⁶ in the case where the other two digits (y and t, or x and u) are 0, this sequence is
prefixed by (1) (resp. (2)) and suffixed by (1) (resp. (2))

We then apply (4) followed by (1):

    $w = x\;\;y\;\;0\;\;t \;\overset{(4)}{\Longleftarrow}\; x\;\;y{-}1\;\;r\;\;t{+}1 \;\overset{(1)}{\Longrightarrow}\; x{+}1\;\;y{-}r{-}1\;\;r{-}1\;\;t{+}1 = w'$

We have W(w) = W(w'). Which relation can be further applied to w' then
depends on the actual values of x, y, and t, and we have to examine the different
possible cases.

1 If $t = r - 1$, then $w' = x{+}1\;\;y{-}r{-}1\;\;r{-}1\;\;r \;\overset{(3)}{\Longrightarrow}\; x\;\;y{-}r{-}1\;\;r\;\;0 = w''$.

2 If $t \leq r - 2$ (and thus $r \geq 2$)

2.1 If $x = r - 1$

2.1.1 If $y = r + 1$, then $w' = r\;\;0\;\;r{-}1\;\;t{+}1$ is in $R_\theta$.

2.1.2 If $y \geq r + 2$, then

    $w' = r\;\;y{-}r{-}1\;\;r{-}1\;\;t{+}1 \;\overset{(2)}{\Longrightarrow}\; 0\;\;y{-}r{-}2\;\;r{-}1\;\;t{+}2 = w''$

2.2 If $x \leq r - 2$

2.2.1 If $y \leq 2r$, then $w' = x{+}1\;\;y{-}r{-}1\;\;r{-}1\;\;t{+}1$ is in $R_\theta$.

2.2.2 If $y \geq 2r + 1$

    $w' = x{+}1\;\;y{-}r{-}1\;\;r{-}1\;\;t{+}1 \;\overset{(1)}{\Longrightarrow}\; x{+}2\;\;y{-}2r{-}1\;\;r{-}2\;\;t{+}1 = w''$

is a positive word since $r \geq 2$.

Thus, as announced, in any case, a positive word w is led either to a word
of strictly smaller weight by a positive path of length 1 or 3 or into $R_\theta$ by a
positive path of length 2.

Part B. The system defined by the relations (1) to (4) — oriented, as in Part
A, from left to right — is not confluent when it is restricted to positive words.

It is easy to verify, by inspection on the possible values of the digits of w,
the following claims⁷.

Claim 1 Let w be a positive word; then, i) $w \overset{(1)}{\Longrightarrow} w'$ and $w \overset{(3)}{\Longrightarrow} w''$ imply
that there exists a (positive) word v such that $w' \overset{(3)}{\Longrightarrow} v$ and $w'' \overset{(1)}{\Longrightarrow} v$. Similarly,
ii) $w \overset{(2)}{\Longrightarrow} w'$ and $w \overset{(4)}{\Longrightarrow} w''$ imply that there exists a (positive) word v such that
$w' \overset{(4)}{\Longrightarrow} v$ and $w'' \overset{(2)}{\Longrightarrow} v$.

[Diagrams: Claim 1, i); Claim 1, ii); Claim 2, i)]

⁷ The diagrams express the claims: the reductions that hold by hypothesis are drawn
with solid arrows, the reductions that are deduced from the claims are drawn with
dashed arrows.
Claim 2 Let w be a positive word and suppose that $w \overset{(1)}{\Longrightarrow} w'$ and $w \overset{(4)}{\Longrightarrow} w''$ hold.
Then: i) w'' (1)-reducible implies that w' is (4)-reducible and vice versa;

ii) w'' (4)-reducible implies that w'' is (1)-reducible as well (and thus w' is
(4)-reducible);

iii) w'' (3)-reducible implies that both w and w' are (3)-reducible;

iv) w'' (2)-reducible implies that w is (2)-reducible.

[Diagrams: Claim 2, ii); Claim 2, iii); Claim 2, iv)]

These first two claims deal with the cases where the reduction behaves as if it
were confluent; the next one describes in detail the case where the reduction is
not confluent: one of the branches happens to be a dead end from where one cannot
escape by another derivation than the branch itself.

Claim 3 Let w be a positive word. Suppose that $w \overset{(1)}{\Longrightarrow} w'$ and $w \overset{(4)}{\Longrightarrow} w''$ hold and
that w'' is p-irreducible. If there exist two (positive) words h and k and two
distinct reductions ($\alpha$) and ($\beta$) such that $h \overset{(\alpha)}{\Longrightarrow} w''$ and $h \overset{(\beta)}{\Longrightarrow} k$, then necessarily
i) h = w [and ($\alpha$) = (4)]; ii) if $k \neq w'$ then ($\beta$) = (3).

Proof. Let $w = x\;y\;u\;t$; thus $w'' = x\;\;y{+}1\;\;u{-}r\;\;t{-}1$.

The hypothesis implies that:

$y \geq r$ since w is (1)-reducible; $u = r$, since w'' is (1)-irreducible and $y \geq r$;
$x < r$, since w'' is (2)-irreducible; and $t < r + 1$, since w'' is (3)-irreducible.

Now, $h \overset{(3)}{\Longrightarrow} w''$ is impossible since $w'' = x\;\;y{+}1\;\;0\;\;t{-}1$.

Suppose $h \overset{(2)}{\Longrightarrow} w''$; then $h = x{+}r\;\;y{+}2\;\;0\;\;t{-}2$ which makes $h \overset{(1)}{\Longrightarrow} k$ or
$h \overset{(4)}{\Longrightarrow} k$ impossible; $h \overset{(3)}{\Longrightarrow} k$ is impossible as well since $t < r + 1$.

Suppose $h \overset{(1)}{\Longrightarrow} w''$; then $h = x{-}1\;\;y{+}r{+}1\;\;1\;\;t{-}1$ which implies $r > 1$ since
$x < r$. Now $h \overset{(4)}{\Longrightarrow} k$ is impossible since $r > 1$; $h \overset{(3)}{\Longrightarrow} k$ is impossible since
$t < r + 1$ and $h \overset{(2)}{\Longrightarrow} k$ is impossible since $x < r$.

The only possibility left by ($\alpha$) $\neq$ ($\beta$) is thus ($\alpha$) = (4).

As before, ($\beta$) = (2) is impossible since $x < r$ and the claim is established. ■

A simple verification leads to the following claim.
Claim 4 Let w be a positive word; w w' and w w" imply that w" does

^) / j (1) // 

or w ^ w and w ^ w , or 



not belong to Rg. Similarly, w w' and w ^ w'‘ 



(2) ^ 
w ^ w' and w w" imply w" ^ Rg . 



(\) 



The collection of claims we have just established allows us to adapt the
classical scheme of the demonstration of the uniqueness of reduced words in a
class modulo a confluent relation. Let us suppose, by way of contradiction, that
there exist distinct f and g in $R_\theta$ with the property that there exists a positive
path between them. [Recall that a positive path is a sequence of reductions (1),
(2), (3) or (4) between positive words — together with the possible occurrence
of $0\;r\;0\;r \Rightarrow 0\;0\;0\;0$ and of $r\;0\;r\;0 \Rightarrow 0\;0\;0\;0$ — in either directions.]

Since f and g are both p-irreducible, such a path $\Pi$ must contain a “peak”,
that is a factor

w ^ w ^ w of the form w ^ w ^ w 



The path $\Pi$ thus contains a peak of maximal weight; the weight of such peak
will be the weight of the path $\Pi$. Paths are then ordered by weight and paths
of equal weight are ordered by the number of peaks of maximal weight.

In the set of all positive paths between f and g — non empty by hypothesis
— let us choose a minimal path $\Pi_0$, i.e. a path of minimal weight with a minimal
number of peaks of maximal weight. Notice that by a circular permutation of
every word of a path, and a possible exchange of the extremities, the weight of
a path is unchanged and thus the effect of such a transformation on $\Pi_0$ gives a
minimal path.

Let w be one of the peaks of maximal weight in $\Pi_0$ and let $w \overset{(\alpha)}{\Longrightarrow} w'$ and
$w \overset{(\beta)}{\Longrightarrow} w''$ be the two reductions that go out of w on $\Pi_0$, which can thus be
written in the following form:




By Claim H it is not possible to have a = 1 and P = 3', for otherwise we 
would have a word v such that w' v and w" ^ v and thus the path 




is smaller than IIq, a contradiction. For the same reason it is not possible to 
have a = 2 and /3 = 4. 

Up to a circular permutation of every word on IIq, and a possible exchange 
of / and g, we can assume that a = 1 and /3 = 4. By Claimji) and ii), and with 
same argument as just above, w" is neither (1)- nor (4)-reducible. By Claim| 

( 3 ) ( 3 ) 

iii), w" is not (3)-reducible for otherwise we would have w' ^ v' , w ^ v and 

( 3 ) 

w" v" and since reductions commute we would get the path 
which again is smaller than $\Pi_0$. We have now to consider the remaining two
cases: case a) w” is not (2)-reducible (and thus w” is p-irreducible) , or case b) 
w" is (2)-reducible. Note that w" is neither (5) nor (6)-reducible. 
case a.- w” is p-irreducible. By ClaimJ w” is not in Rs and thus not equal 
to g. The path TJq factorizes into 



j w ^ w ^ w h k ^ g . 



The only possibilities left by Claimjfor the reductions w" 

case a.l.- w‘ 
and 



h k are either 



w = h k = w' in which case w" is indeed a dead end in TTo 



f g 

is a path smaller than Uq, a contradiction; or 

case a.2.- w” w = k in which case w" is again a dead end in Uq which 
reads 

J ^ w -^w = n^k^g , 
a case that is ruled out by Claim 1; or 

(a) (7) 

case a.3.- w” <= h ^ k in which case k has a greater weight than w, another 
contradiction. 

case b.- w" is (2)-reducible. By ClaimHiv), w is (2)-reducible as well. If w' is 
also (2)-reducible the situation is the same as if w” were (3)-reducible and leads 
to a contradiction. Let us suppose then that w' is (2)-irreducible and let us sum 
up the constraints on the digits oi w = x y u t given by all hypothesis we have 
made up to that point. 



f I 4- 'ZA 4- 

w = x-\-i y—r u—i t <=w=xyut=> 

w = X y+1 u—r t—i => x — r y u—r t 

w" (l)-irreducible implies u = r and thus w' is (4)-irreducible; w' (2)- 
irreducible implies y = r (and thus w' is (l)-irreducible). There are thus two 
possibilities: case b.l), w' is (3)-reducible or, case b.2), w' is p-irreducible. Note 
that w' is neither (5) nor (6)-reducible. 

case b.l.- w' is (3)-reducible; w" (3)-irreducible implies t = r. The path Uq 
reads then 

* (1) (4) * 

x+i 0 r — 1 r <^w=xrrr^ x r-|-i 0 r — 1 g . 

If X is greater than r, the path 



r * I n (3) n O I O (2.^ I 1 

/ a; -1-1 0 r— 1 r a; 0 r 0 4= a; — 1 r r-l-i 0 x — r-i r—i r-l-i 1 

(iL) , (i) n I n A 

4 = X — r r—i r r+i => x — r r U r x r-|-i L) r— 1 g 



(2) 
is smaller than $\Pi_0$. If x = r, the path

/ x+i Or— ir ^rOrO^^OOOO^OrOr^^ a;r+iOr— i g 

is again smaller than $\Pi_0$, and of a form consistent with the hypothesis on a
positive path. Contradiction for any possible value of x. 

case b.2.- w' is p-irreducible. Since w is (2)-reducible and using ClaimJ we 
can transform the path Uq into a path Uq 

j w ^ w ^ w 

which is also minimal. The image of $\Pi_0'$ by the circular permutation of the
digits $\sigma^{-1}$ then reads

7 A " (jb / ,* 7 

with k = I — m = m" = and m' = a~^{w"'). 

As w', m" is p-irreducible and we are back to case a), that leads to a contradic- 
tion. 

This terminates the proof of the fact that no two distinct elements of Rq can 
be joined by a positive path. 

Part C. It remains to show that if two elements f and g of Rq are congruent
modulo 7 e, they are equal. Indeed, f and g are congruent modulo yg if, and only
if, f g, that is, if, and only if, there exists a path $\Sigma$ between f and g. The
idea is to “lift” the path $\Sigma$ into a positive path $\Pi$ between f and g (as sketched
on Figure^ and the conclusion follows from Part B.




The lifting relies on a lemma and a remark. 

Lemma 1 Let n be any positive integer and let hn be the word 

hn = nr nr nr nr . 

For any f in Rq there exists a positive path f + hn ^ f ■ 

® Where the last digit becomes the first one; we denote it by and not, more 
simply, by a to be consistent with the previous paper (Q) 
Proof. If f = 0 0 0 0, the path may begin with

0000 ^^rOrO 

and thus one can assume that at least one digit of f = x y u t is strictly
positive. Up to a circular permutation, we suppose that this digit is x. One has
the sequence:



r r (i) I I + © I r I 

j = X y u t ^ x — i y+r u+i t 4= x y+r u t+r 

U x+r y+r+i u t+r— i x+r y+r u+r t+r = f + h\ 

Without any further care on the order of the rewriting, one has 

t I r (l)+(2)+(3)+(4) 

j + hi -^= j + hi+i 



for any positive i and then f ^ f + hn for any positive n. 



Remark 1 Let u and v be two non positive elements of and k the lower 
bound of the digits in u and v; let n be a positive integer such that nr > —k. If 

u V, then u + M u + for any reduction (a). 

Let $\Sigma$ be any path of reductions that links f and g, which we write f < — > g.
It is clear now how to lift $\Sigma$: let k be the lower bound of the digits of the words
that appear in $\Sigma$ and let n be as above, i.e. such that nr > −k. Let f' = f + h_n
and g' = g + h_n. We have, by LemmaH

/ ^ < — >9 ^9 

and by the remark “ E + hn ” is a positive path. Thus f ^ 9 implies f ^ 9 
which has been shown impossible and this completes the proof of the proposition
in Case 1. ■



4 Proof for Case 2 

Unless otherwise stated, all notation and conventions described in the previous 
section are still valid. The congruence yg is now generated by the following 
relations: 

1 r 1 0 = 0 0 0 0 (!’) lOlr = 0000 (3’) 

rlOl = 0000 (2’) Olrl = 0000 (4’) 

which can be turned into a rewrite system (S) by giving the orientation from
left to right:



1 r 1 0 ^ 0 0 0 0 



etc. 
Let us recall also that Rq is now the set of words of with the property that
they, and all their conjugates, are different from r−2 r−2 r−2 r−2 and strictly
smaller than r−1 r−2 r−2 r−2 in the lexicographic order.

It is immediate to check that for any positive word w and any two distinct 

reductions (a) and (/3) in (5), if w W w' and w w" hold, then w' v 
and w" V hold as well. 

This fundamental difference with Case 1 can be stated as follows: 

Claim 5 (S) is confluent on the set of positive words. ■ 

We are not yet done, for the rewrite system (S) is not equivalent to jg on
the set of positive words. But the solution is at hand and will be reached by the
construction of a richer system.

Let (T) be the rewrite system obtained by adding any subset of relations
in (S). We get then the following relations.

“ “ 11 ^ 0 0 0 0 (5’) 1 1 “ “ ^ 0 0 0 0 (7’) 

“11“ ^ 0 0 0 0 (6’) 1““1 ^ 0 0 0 0 (8’) 

that is: iQ = + + = ^1 + ^1 = ^1 + ^1- 

r— 1 2 r— 1 r— 2 ^ 0 0 0 0 (9’) r— 1 r— 2 r— 1 2 — *■ 0 0 0 0 (11’) 

2 r— 1 r— 2 r— 1 ^ 0 0 0 0 (10’) r— 2 r— 1 2 r— 1 ^ 0 0 0 0 (12’) 

that isj^Q = |B -hQ, = iD+^9 -hQ, ^9 =^9 +^D + Q 
and ^3 = + + ^JTAnd finallyl[J= ^1 + ^1+ 

r—2 r—2 r—2 r—2 ^ 0 0 0 0 (13’) 

A simple case inspection shows that 

Claim 6 Rg is the set of irreducible words for the system {S + T). ■ 

The core of the proof lies then in the following: 

Claim 7 (S + T) is confluent on the set of positive words.

Proof. Since we have not spared him the slightest detail yet, the reader may
be scared by the prospect of checking the 78 critical pairs of the system (S + T).
Hopefully, thanks to the symmetries and the very specific form of the relations,
the number of cases to be examined boils down to 11, of which we shall make
only 3 explicit.

Let w = X y u t be a positive word and suppose that w W w' and w w” 
hold. By ClaimB one can assume that (a) and (/3) are not both in (5). Up to 
an exchange of (a) and (/3), we suppose that fl is in (T). 

1 (a) is in (5). Up to a circular shift, one can assume that (a) = 

1.1 (/3) “contains” (a), i.e. it exists (7) in {S + T) such that (/3) = 

(a) + (7). 
(■-y)

Then, obviously, w' w” . 

1.2 (/3) does not “contain” (a); the only possibilities are (/3) = 

or Immediate computations show that w' v and w" W v hold as well. 
For instance, let (/3) = iQ; it comes: 



and 



X y u t 
X y u t 



g 

g 



x+i y—r u+i t = w' 

a; — r+i y+2 u—r+i t—r+2 = w" . 



(14’) 

(15’) 



From 



follows y > r and thus w" 



from 



g 



follows a;, u > r— i. 



t > r—2 and thus 

2 (a) is not in (5). By symmetry, one can assume that (/3) is as “large” as (a), 

i.e. is the sum of as many relations from (5) as (a). Up to a circular permutation, 
one can assume that (a) = or iQ (since (a) = ^3 implies (/3) = ^3). 

2.1 (/3) “contains” (a). Same solution as in 1.1. 

2.2 Case 2.1 does not hold. Then there exist (γ), (δ) and (ε) in (S + T)
such that (α) = (γ) + (δ) and (β) = (γ) + (ε). It is then a matter of immediate



computation to verify that, in every case, w 
possibilities are: 

2 . 2.1 if (a) = then (/3) = 
For instance, let (/3) = iQ; it comes: 



! U) 



and 



(■5) 



V hold. The only 



or 



and 



X y u t 
X y ut 



x — r+i y—r+i u+i t+i = w' 
x — r+i y+i u+i t—r+i = w" 



(16’) 

(17’) 



follows y > r — 1 , thus y+i > r and thus w‘ 



, or 



From 



follows t > r—i, thus t+i > r and thus w' mv. 



v: from 



2 . 2.2 if (a) = n. 
For instance, let (/3) = 1^3 



, then (/3) = 
it comes: 



and 

From 



X y u t 
X y u t 



a; — r+i y+2 u—r+i t—r+2 = w' 
x+2 y—r+i u—r+2 t—r+i = w" 

m 



(18’) 

(19’) 



follows X > r—i, thus a; + 2 > r and thus w" 

follows y > r—i, thus y+2 > r and thus w' v. 

The claim is established. 



T, from 



Case 2 is now immediately settled. Every class modulo 79 contains positive
words, by adding )^3' to any word of a sufficient number of times. And any 
positive word reduces to a unique word in Rg , using reductions in {S + 'T). 
Two words f and g of Re are congruent modulo je if, and only if, f ^ g, that
is, if, and only if, there exists between f and g a path $\Sigma$ consisting in reductions
of (S) taken in either direction. As in Case 1, this path $\Sigma$ can be “lifted” into
a positive path $\Pi$ by using of the same reduction before. Since we can

use that reduction, the actual value of f has not to be taken into consideration
— in other words, LemmaJ becomes trivial — and the lifting is even simpler
than in Case 1.

By construction, the path $\Pi$ consists in reductions of (S + T). By Claims^
andj two distinct words of Rg cannot be joined by such a path, hence f = g.

And this completes the proof of Theorem H ■ 
Abstract. This note presents a fast version of the classical algorithm
to represent any symmetric function in a unique way as a polynomial in 
the elementary symmetric polynomials by using power sums of variables. 
We analyze the worst case complexity for both algorithms, the original 
and the fast version, and confirm our results by empirical run-time ex- 
periments. Our main result is a fast algorithm with a polynomial worst 
case complexity w.r.t. the total degree of the input polynomial compared 
to the classical algorithm with its exponential worst case complexity. 
Keywords. Symmetric polynomials, dynamic power sum representa- 
tion, fast rewriting techniques 



1 Introduction 

Symmetric polynomials play an important role in algebra and its applications. 
In particular, many proofs in the theory of algebraic numbers refer explicitly to 
them. Resultants ^3 and Sturm sequences can be generated as symmetric 
polynomials. The unique representation of a symmetric polynomial as a poly- 
nomial in the elementary symmetric polynomials §33] is an important and 
central method in algebra, which occurs, e.g., in Gauss' (second) proof of the
Fundamentalsatz of the algebra in 1812 Q section 3.1], or in Galois Theory Q. 
It is therefore reasonable to search for fast algorithms and reduction techniques 
to compute this representation for any symmetric polynomial and analyze 
their complexity. 

A comprehensive and very detailed analysis of the complexity of the classical 
algorithm was done by Lauer and Loos In addition, they have shown 

that a special representation of symmetric polynomials and its corresponding 
arithmetic lead to a significant empirical run-time improvement. In the following 
we call this method the Lauer-Loos algorithm. 

Another approach was studied in Q. Their method expresses the orbits of 
a symmetric polynomial as a sum of determinants in the elementary symmetric 
polynomials: The orbits are first represented in terms of Schur polynomials, 
which are then evaluated as determinants in the elementary symmetric polyno- 
mials. 

In this paper, we present a fast reduction technique using a dynamic power 
sum representation of symmetric polynomials to compute the representation in 

P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 371-^^| 1999. 

@ Springer-Verlag Berlin Heidelberg 1999 
terms of the elementary symmetric polynomials, i.e. in the first phase of the al-
gorithm all power sums up to the total degree of the given polynomial are used 
for the representation. In a second phase, a post-processing step follows to com- 
pute the representation in terms of the elementary symmetric polynomials. In 
a simplified worst case complexity analysis, we show how this approach reduces 
the exponential run-time of the classical algorithm to a polynomial run-time, and 
we confirm our results by a set of benchmark experiments. Our empirical results 
will show, e.g., that our fast rewriting technique is superior to the classical al- 
gorithm in the average case, and moreover, that it outperforms the Lauer-Loos 
algorithm. 

We proceed as follows: Section ^recalls the basic definitions and the classical 
algorithm. Section | presents a power sum algorithm which leads to the fast re- 
duction algorithm developed in Section^ Furthermore, we explain the necessary 
pre- and post-processing steps for the fast version, present empirical run-times, 
and compare our results with other work. In addition. Section m and ^con- 
tain a simplified worst case complexity analysis w.r.t. the number of monomial 
multiplications during the reduction. Section^ presents our conclusion. 

2 The Classical Rewriting Technique 

Notation: Let $\mathbb{Q}$ be the set of rational numbers, let $\mathbb{Q}[X_1,\dots,X_n]$ be the
commutative polynomial ring over $\mathbb{Q}$ in the indeterminates $X_i$, let $T$ be the set of
terms (= power-products of the $X_i$) in $\mathbb{Q}[X_1,\dots,X_n]$, and let $T(f)$ be the set
of terms occurring in $f \in \mathbb{Q}[X_1,\dots,X_n]$ with non-zero coefficients. Maximal
variable degree and total degree of $t \in T$ and $f \in \mathbb{Q}[X_1,\dots,X_n]$ are defined as
usual. $X_1^{e_1} \cdots X_n^{e_n}$ is called descending, if $e_1 \ge \dots \ge e_n$.

$S_n$ denotes the symmetric group, $\mathbb{Q}[X_1,\dots,X_n]^{S_n}$ the set of symmetric
polynomials in $\mathbb{Q}[X_1,\dots,X_n]$, and

$$\operatorname{orbit}_{S_n}(t) = \sum_{s \in \{\pi(t) \mid \pi \in S_n\}} s$$

the symmetric orbit of $t$.

We assume in the following that the multiplication of two monomials in n 
variables can be done in a constant amount of time, and that the run-time of an 
algorithm is linear w.r.t. the number of necessary monomial multiplications. 

We first recall the basic facts about the classical algorithm that represents any 
symmetric function as a polynomial in the elementary symmetric polynomials 



$$\begin{aligned}
\sigma_1 &= X_1 + X_2 + \dots + X_n, \\
\sigma_2 &= X_1X_2 + X_1X_3 + \dots + X_{n-1}X_n, \\
&\;\;\vdots \\
\sigma_n &= X_1X_2 \cdots X_n.
\end{aligned}$$

The $i$-th elementary symmetric polynomial has $\binom{n}{i}$ monomials and $\sigma_1, \dots, \sigma_n$
are algebraically independent.

Theorem 1. Let $f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$. Then $f$ has a computable representation
as $f = p(\sigma_1,\dots,\sigma_n)$, where $p \in \mathbb{Q}[X_1,\dots,X_n]$ is uniquely determined by $f$.

Proof. See Q section 10.7]. Let max-desc($f$) be the maximal descending monomial
in $f$ w.r.t. the lexicographical term order. Then the polynomial
$p \in \mathbb{Q}[X_1,\dots,X_n]$ can be computed as follows:

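Algorithm 1. Classical Algorithm

1. INPUT $f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$; lex. term order;

2. $f' := f$; $p := 0$;

3. WHILE $f' \ne 0$ DO

4. $a X_1^{e_1} \cdots X_n^{e_n}$ := max-desc($f'$);

5. $p := p + a \cdot X_1^{e_1-e_2} X_2^{e_2-e_3} \cdots X_{n-1}^{e_{n-1}-e_n} X_n^{e_n}$;

6. $f' := f' - a \cdot \sigma_1^{e_1-e_2} \sigma_2^{e_2-e_3} \cdots \sigma_{n-1}^{e_{n-1}-e_n} \sigma_n^{e_n}$;

7. END WHILE;

8. OUTPUT $f = p(\sigma_1,\dots,\sigma_n)$ with $p \in \mathbb{Q}[X_1,\dots,X_n]$ as stated in Theorem!^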



Corollary 1. Let $f = p(\sigma_1,\dots,\sigma_n) \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$
and assume that the maximal variable degree of $f$ is at most $d$. Then $p$ has a
maximal variable degree of at most $d$ and at most $\binom{n+d}{n}$ monomials.

Proof. The maximal variable degree bound for $p$ is a consequence of Algorithm^
the number of descending terms with a maximal variable degree of at most $d$
is $\binom{n+d}{n}$. This is a bound for the number of loop-runs in Algorithm^ for a
given polynomial $f$ and therefore for the number of monomials in $p$.

Lemma 1. Let $f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$ with a maximal variable degree $d$. Then
the classical algorithm needs at most $O\left(\binom{n+d}{n}\, r(n)^d\right)$ multiplications of
monomials to compute the representation, where

$$r(n) = \max\left\{ \binom{n}{i} \,\middle|\, 1 \le i \le n \right\} = \binom{n}{\lfloor n/2 \rfloor}.$$

Proof. The number of descending terms with a maximal variable degree of at
most $d$ is $\binom{n+d}{n}$ and any term has to be reduced at most once. Each elementary
symmetric polynomial has at most $r(n)$ monomials and we have to multiply
at most $d$ elementary symmetric polynomials during a single loop-run.

The number of monomial multiplications for the classical algorithm is —
from the point of view of worst case complexity — exponential in the maximal
variable degree $d$ of the given polynomial $f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$.

The number of monomials of the input polynomial $f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$ and
the output polynomial $p \in \mathbb{Q}[X_1,\dots,X_n]$ of Algorithmj is always polynomial
in the maximal variable degree $d$ and also in the total degree $D$.
3 The Power Sum Rewriting Technique

It is well known that any symmetric polynomial can be also represented as a
polynomial in the first $n$ power sums $s_j = X_1^j + \dots + X_n^j$ with $1 \le j \le n$.
Any polynomial $s_j$ has $n$ monomials and $s_1, \dots, s_n$ are algebraically
independent. In contrast to this result, our next algorithm uses dynamically all
power sums $s_j$ for $1 \le j \le D$ up to the total degree $D$ of the given polynomial
$f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$.

Theorem 2. Let $f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$ be a polynomial with a total degree of
at most $D$. Then $f$ has a computable representation as $f = p(s_1,\dots,s_D)$ with
$p \in \mathbb{Q}[X_1,\dots,X_D]$.

Proof. Let min-desc($f$) be the minimal descending monomial in $f$ w.r.t. the
lexicographical term order. Then the polynomial $p \in \mathbb{Q}[X_1,\dots,X_D]$ can be
computed as follows:

Algorithm 2. Power Sum Algorithm

1. INPUT $f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$; lex. term order;

2. $f' := f$; $p := 0$; $X_0 := 1$; $s_0 := 1$;

3. WHILE $f' \ne 0$ DO

4. $a X_1^{e_1} \cdots X_n^{e_n}$ := min-desc($f'$); $c$ := coeff. of $X_1^{e_1} \cdots X_n^{e_n}$ in $s_{e_1} \cdots s_{e_n}$;

5. $p := p + \frac{a}{c} \cdot X_{e_1} \cdots X_{e_n}$;

6. $f' := f' - \frac{a}{c} \cdot s_{e_1} \cdots s_{e_n}$;

7. END WHILE;

8. OUTPUT $f = p(s_1,\dots,s_D)$ with $p \in \mathbb{Q}[X_1,\dots,X_D]$;

The loop invariant is $f = f' + p(s_1,\dots,s_D)$. Every pass through the while-loop
removes at least the symmetric orbit containing $a X_1^{e_1} \cdots X_n^{e_n}$ from $f'$ and adds
only symmetric orbits to $f'$ which have a higher descending head term w.r.t. the
lexicographical term order. The number of descending terms with a maximal
variable degree of at most $D$ is finite, i.e. $f' = 0$ will be reached after finitely
many cycles.
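Algorithm 1 and Algorithm 2 side by side, as an added Python example that is not the paper's MAS implementation: polynomials are stored as dictionaries from exponent tuples to rational coefficients, and all function names (`classical`, `power_sum_rewrite`, `substitute`, ...) are assumptions made for this sketch. The sample orbit at the bottom is constructed input.

```python
from fractions import Fraction
from itertools import permutations

# A polynomial in n variables is a dict {exponent tuple: Fraction}.

def one(n):
    return {(0,) * n: Fraction(1)}

def add_scaled(a, b, c):
    """Return a + c*b with zero coefficients dropped."""
    out = dict(a)
    for t, v in b.items():
        w = out.get(t, 0) + c * v
        if w:
            out[t] = w
        else:
            out.pop(t, None)
    return out

def mul(a, b):
    out = {}
    for ta, va in a.items():
        for tb, vb in b.items():
            t = tuple(x + y for x, y in zip(ta, tb))
            out[t] = out.get(t, 0) + va * vb
    return {t: v for t, v in out.items() if v}

def product(factors, n):
    out = one(n)
    for g in factors:
        out = mul(out, g)
    return out

def orbit(t):
    """Symmetric orbit of the term with exponent tuple t."""
    return {s: Fraction(1) for s in set(permutations(t))}

def sigma(n, k):
    """k-th elementary symmetric polynomial in n variables."""
    return orbit((1,) * k + (0,) * (n - k))

def power_sum(n, j):
    """s_j in n variables; s_0 := 1 as in step 2 of Algorithm 2."""
    return orbit((j,) + (0,) * (n - 1)) if j else one(n)

def head(f, pick):
    """max-desc / min-desc: extreme descending term in lex order."""
    desc = [t for t in f if all(x >= y for x, y in zip(t, t[1:]))]
    if not desc:
        raise ValueError("input is not symmetric")
    return pick(desc)  # tuples compare lexicographically

def classical(f, n):
    """Algorithm 1: returns p with f = p(sigma_1, ..., sigma_n)."""
    rest, p = dict(f), {}
    while rest:
        e = head(rest, max)
        a = rest[e]
        d = tuple(e[i] - e[i + 1] for i in range(n - 1)) + (e[-1],)
        prod = product([sigma(n, k + 1) for k in range(n)
                        for _ in range(d[k])], n)
        p = add_scaled(p, {d: Fraction(1)}, a)
        rest = add_scaled(rest, prod, -a)
    return p

def power_sum_rewrite(f, n, D):
    """Algorithm 2: returns p in X_1..X_D with f = p(s_1, ..., s_D)."""
    rest, p = dict(f), {}
    while rest:
        e = head(rest, min)
        a = rest[e]
        prod = product([power_sum(n, ei) for ei in e], n)
        c = prod[e]            # coefficient of the head term in s_e1...s_en
        x = [0] * D
        for ei in e:
            if ei:             # X_0 := 1 contributes nothing
                x[ei - 1] += 1
        p = add_scaled(p, {tuple(x): Fraction(1)}, a / c)
        rest = add_scaled(rest, prod, -a / c)
    return p

def substitute(p, gens, n):
    """Evaluate p at the polynomials gens (one per variable of p)."""
    out = {}
    for t, v in p.items():
        factors = [g for g, k in zip(gens, t) for _ in range(k)]
        out = add_scaled(out, product(factors, n), v)
    return out

if __name__ == "__main__":
    f = orbit((2, 1, 0))                   # constructed sample input, n = 3
    print(classical(f, 3))                 # sigma_1*sigma_2 - 3*sigma_3
    print(power_sum_rewrite(f, 3, 3))      # s_1*s_2 - s_3
```

Substituting the generators back with `substitute` reproduces the input, which is the loop invariant of both algorithms once the remainder is zero.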



Corollary 2. Let $f = p(s_1,\dots,s_D) \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$ as stated in Theorem^
Furthermore, let $k = \max\{\sum_{i=1}^{n} \delta(e_i) \mid X_1^{e_1} \cdots X_n^{e_n} \in T(f)\}$ with $\delta(e) = 0$, if
$e = 0$, and $\delta(e) = 1$, if $e \ne 0$. Then $p$ has a total degree of at most $k \le n$ and at



most 






monomials. 



Proof. The total degree bound for p is a consequence of Algorithm^ any poly- 

'p) -l_ ^ 

nomial in D variables with a total degree of at most k has at most ' 
monomials 



^ Another basis for $\mathbb{Q}[X_1,\dots,X_n]^{S_n}$ are, e.g., complete symmetric functions.

Lemma 2. Let $f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$ with a total degree $D$. Then the power
sum algorithm needs at most $O\left(\binom{n+D}{n}\, n^n\right)$ multiplications of monomials to
compute the representation.

Proof. The number of terms with a total degree of at most $D$ is $\binom{n+D}{n}$,
and any term has to be reduced at most once. Each power sum consists of $n$
monomials and we have to multiply at most $n$ power sums during a single
loop-run.



The number of monomial multiplications for the power sum algorithm is —
from the point of view of worst case complexity — polynomial in the total degree
$D$ of the given polynomial $f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$. In a single loop-run, the amount
of work to do depends only on the number of variables $n$.



4 The Fast Rewriting Technique 

The basic idea for a fast reduction of symmetric polynomials is to use Algorithm^ 
instead of Algorithmjand perform some pre- and post-processing steps. This 
notion is carried out in this section. 

Lemma 3. The following relations between the elementary symmetric polynomials
and the power sum polynomials are satisfied:

1. $s_j - \sigma_1 s_{j-1} + \sigma_2 s_{j-2} - \dots + (-1)^{j-1} \sigma_{j-1} s_1 + (-1)^j j \sigma_j = 0$ for $1 \le j \le n$.

2. $s_j - \sigma_1 s_{j-1} + \sigma_2 s_{j-2} - \dots + (-1)^{n-1} \sigma_{n-1} s_{j-n+1} + (-1)^n \sigma_n s_{j-n} = 0$ for $j > n$.

Proof. The relations in (1) are the Newton's identities and a proof can be found
in Q. For the proof of (2), we observe that

$$\sigma_k s_{j-k} = \operatorname{orbit}_{S_n}(X_1^{j-k+1} X_2 \cdots X_k) + \operatorname{orbit}_{S_n}(X_1^{j-k} X_2 \cdots X_{k+1})$$

for $1 \le k \le n-1$ and $\sigma_n s_{j-n} = \operatorname{orbit}_{S_n}(X_1^{j-n+1} X_2 \cdots X_n)$. Hence, the alternating
sum is equal to $-s_j$, and therefore (2) is valid.

4.1 Using Only Post-Processing

The change of the representation from the power sum algorithm to the repre- 
sentation of the classical algorithm can be achieved as follows: 

Algorithm 3. Post-Processing Step

1. INPUT $f = p(s_1,\dots,s_D)$ with $p \in \mathbb{Q}[X_1,\dots,X_D]$;

2. Consider $p$ as elem. of $\mathbb{Q}[\sigma_1,\dots,\sigma_n][X_1,\dots,X_D]$;

3. FOR j := D TO n+1 BY -1 DO /* Lemma^(2) */

4. FOR j := n TO 1 BY -1 DO /* Lemma^(1) */

5. OUTPUT $f = p(\sigma_1,\dots,\sigma_n)$ with $p \in \mathbb{Q}[X_1,\dots,X_n]$;

Termination of Algorithmjis obvious. Correctness is due to Lemmajand the 
fact that the representation computed by the classical algorithm is unique. 

We have implemented the classical algorithm and the fast algorithm, i.e. the 
power sum algorithm and the post-processing step in the invariant package of 
MAS The distributive polynomial representation over the rational numbers 
was used. All run-times of the benchmark test in Tablejwere obtained on a SUN 
Ultra-Sparc running Solaris 2.5.1. Each entry in the table shows the run-time in
seconds for (i) the classical algorithm and (ii) the fast algorithm using power
sums and the post-processing step for the reduction of all symmetric orbits in n
variables with a total degree D for different values of n and D. In addition, the
table contains (iii) the percentage how often the fast algorithm was superior to
the classical algorithm.



Each cell: Class. Alg. / Pow. Sum Alg. + Post-Proc. / %

Tot. Deg. D   n = 5                  n = 6                  n = 7                  n = 8
 5            1.6 / 1.2 / 58         4.4 / 2.8 / 72         13.0 / 8.3 / 72        40.9 / 29.6 / 72
 6            4.3 / 2.1 / 70         14.3 / 6.3 / 64        43.0 / 16.6 / 73       125.8 / 54.6 / 73
 7            9.8 / 3.9 / 62         37.7 / 10.8 / 65       125.5 / 33.5 / 60      374.1 / 100.6 / 67
 8            25.3 / 7.9 / 62        112.6 / 22.2 / 65      416.8 / 63.9 / 77
 9            59.4 / 15.8 / 61       304.8 / 43.8 / 66      1265.1 / 131.8 / 72
10            139.2 / 32.5 / 57      827.8 / 92.0 / 66      3858.7 / 269.7 / 69
12            650.7 / 151.7 / 56     4989.8 / 413.0 / 66
14            2658.6 / 708.7 / 50

Table 1. Empirical run-time results [sec.] (using only post-processing)



Additional experiment information is given in Tabled The entries indicate
the absolute number of all symmetric orbits in n variables with a total degree D
for different values of n and D, which were used in our experiments. For example,
for n = D = 5 we have the 7 symmetric orbits $\operatorname{orbit}_{S_5}(X_1^5)$, $\operatorname{orbit}_{S_5}(X_1^4X_2)$,
$\operatorname{orbit}_{S_5}(X_1^3X_2^2)$, $\operatorname{orbit}_{S_5}(X_1^3X_2X_3)$, $\operatorname{orbit}_{S_5}(X_1^2X_2X_3X_4)$, $\operatorname{orbit}_{S_5}(X_1^2X_2^2X_3)$, and
$\operatorname{orbit}_{S_5}(X_1X_2X_3X_4X_5)$ (cf. Tablefl). The total time for the reduction of these
polynomials was 1.6 sec. with the classical algorithm and 1.2 sec. with the fast
algorithm. In 58% of the cases the fast algorithm was superior to the classical
algorithm (cf. Table J).

The results shown in Tablejare promising: In all cases, the fast algorithm 
was superior to the classical algorithm in more than 50% of the reduction tasksj 
And when looking at the average run-times of all reductions the fast version 
shows speed-ups of up to 12 and more compared to the classical algorithm. 

^ Note that the fast version has no chance to beat the classical algorithm when com- 
puting representations for polynomials like, e.g., orbits„{Xl . . ■ X„) = a®. 
Number of Symmetric Orbits

Tot. Deg. D   n = 5   n = 6   n = 7   n = 8
 5              7       7       7       7
 6             10      11      11      11
 7             13      14      15      15
 8             18      20      21
 9             23      26      28
10             30      35      38
12             47      58
14             70

Table 2. Additional experiment information



We omit here to state and prove a bound for the number of monomial multi- 
plications, because it doesn’t seem to lead to a theoretical result which confirms 
our run-time experiments. A similar phenomenon occurred in the work of Lauer
and Loos. They could show that a special representation of symmetric
polynomials speeds up the classical algorithm but the theoretical analysis of their
approach did not confirm this. The next section shows that we can handle this 
problem by introducing a pre-processing step and a modified post-processing 
step. 



4.2 Using Pre- and Post-Processing 

For a fixed number of variables and a given upper total degree D, we can simply 
pre-process the power sums si, i = 1, . . . , D and compute their representation as 
polynomials in the elementary symmetric polynomials by using Lemma^or the 
classical algorithm. Once this is done, we can come up with the following result 
for a modified post-processing step. 

Lemma 4. Let / = p(si , . . . , sd) G Q[Ai, . . . , be a representation com- 

puted by the power sum algorithm, and let si = pi((Ti, . . . , (t„), . . ., sd = 

( n — b D \ 

Ld(o’i, . . . , cr„). Then we need at most 0{nD ( ^ ) ) n^ultipUcations of 

monomials to compute the representation of Algorithm^ 

Proof. The change of the representation from the power sum algorithm to the 
representation of the classical algorithm can be achieved as follows: 

Algorithm 4. Modified Post-Processing Step

1. INPUT $f = p(s_1,\dots,s_D)$ with $p \in \mathbb{Q}[X_1,\dots,X_D]$;
   $s_1 = p_1(\sigma_1,\dots,\sigma_n)$, ..., $s_D = p_D(\sigma_1,\dots,\sigma_n)$;

2. Consider $p$ as elem. of $\mathbb{Q}[\sigma_1,\dots,\sigma_n][X_1,\dots,X_D]$;

3. FOR j := 1 TO D DO $p(s_{j+1},\dots,s_D) := p(p_j(\sigma_1,\dots,\sigma_n), s_{j+1},\dots,s_D)$;

4. OUTPUT $f = p(\sigma_1,\dots,\sigma_n)$ with $p \in \mathbb{Q}[X_1,\dots,X_n]$;
Termination and correctness of Algorithm | is obvious. Any pj has at most
^ ^ ^ ^ monomials (cf. Corollary^ and any term in p has a total degree of at 
most n (cf. Corollary^. In the worst case, we have to compute p^, . . . , p^ during 



step j of the loop in Algorithm^ which needs at most 0{n 



n + D 
n 



plications of monomials. Furthermore, we have to multiply at most 



) multi- 
n + D 



monomials of p (cf. Corollary^ with at most 0{ 



) monomials of p^ for 



some 1 < fc < n. Putting all together and considering the number of loop-runs D 

' fl-\- £) \ 

) multiplications of monomials during the 



implies at most 0{nD 
execution of Algorithm 



L 



The number of monomial multiplications for the modified post-processing
step is — from the point of view of worst case complexity — polynomial in the
total degree $D$ of the given polynomial $f \in \mathbb{Q}[X_1,\dots,X_n]^{S_n}$. Therefore, the
fast version consisting of Algorithmflfollowed by Algorithm Jhas a worst case 
complexity which is polynomial in D, and so also polynomial in the maximal 
variable degree d of /. This is a significant improvement compared to the classical 
algorithm, which has an exponential worst case complexity in d w.r.t. the number 
of monomial multiplications. 

The run-times presented in Table | confirm this theoretical analysis: The 
setup for this experiment was precisely the same as for Tabled (see also Tabled. 
We have assumed that the representations of $s_1, \dots, s_D$ have been computed
before in a pre-processing step. Each entry in the table shows the run-time in
seconds for (i) the classical algorithm and (ii) the fast algorithm using power
sums and the modified post-processing step for the reduction of all symmetric
orbits in n variables with a total degree D for different values of n and D. In
addition, the table contains (iii) the percentage how often the fast algorithm
was superior to the classical algorithm.



Each cell: Class. Alg. / Pow. Sum Alg. + Mod. Post-Proc. / %

Tot. Deg. D   n = 5                  n = 6                  n = 7                  n = 8
 5            1.6 / 1.0 / 72         4.4 / 2.7 / 72         13.0 / 00 / 72         40.9 / 28.8 / 72
 6            4.3 / 1.8 / 70         14.3 / 5.7 / 64        43.0 / 15.1 / 73       125.8 / 49.6 / 82
 7            9.8 / 3.1 / 62         37.7 / 9.4 / 65        125.5 / 29.4 / 74      374.1 / 85.7 / 74
 8            25.3 / 5.2 / 67        112.6 / 17.7 / 70      416.8 / 53.1 / 77
 9            59.4 / 8.3 / 70        304.8 / 31.0 / 74      1265.1 / 104.7 / 75
10            139.2 / 13.0 / 74      827.8 / 55.4 / 72      3858.7 / 198.1 / 72
12            650.7 / 30.0 / 75      4989.8 / 151.3 / 75
14            2658.6 / 64.4 / 76

Table 3. Empirical run-time results [sec.] (using pre- and post-processing)
The results shown in Table | are again very promising: In all cases, the
fast algorithm was superior to the classical algorithm in more than 62% of the 
reduction tasks. And when looking at the average run-times of all reductions, the 
fast version leads to speed-ups of up to 15 and more compared to the classical 
algorithm. Furthermore, this fast version shows speed-ups in all cases compared 
to the previous fast version. 

4.3 Comparison with Existing Algorithms 

In order to obtain an empirical comparison with existing fast reduction methods 
we have implemented the Lauer-Loos algorithm in MAS. This algorithm is known 
to be very fast Q table 3]. It works precisely in the same way as the classical 
algorithm, but uses a special, space economical component representation for 
symmetric polynomials together with its corresponding arithmetic during the 
reduction process. Simply speaking, the more variables are involved in the re- 
duction problem, the larger the benefit due to the component representation and 
arithmetic, and the more powerful and swift is this algorithm. 

Figure^ displays the results of our benchmark experiments: Each run-time 
(y-axis, logarithmic scaling) is, once again, the result of the reduction of all 
symmetric orbits in n variables with a total degree D for different values of D 
(x-axis) and n (see also Table 5. There are four pairs of curves (Lauer-Loos
algorithm (dotted line); power sum algorithm and modified post-processing step
(solid line)) showing from above the run-time results for n = 6, 5, 4, and 3
variables. We see that the empirical asymptotic behaviour of the fast algorithm using
power sums and the modified post-processing step is better than the Lauer-Loos
algorithm in our average case run-time experiments. Whenever the total degree
D is greater than approximately 2n, our method out-performs the Lauer-Loos
algorithm. For smaller and medium sized problems (D < 2n) both algorithms
perform almost the same.

Fig. 1. Empirical run-time comparison [sec.]

It would be of interest to know, whether a combination of both our fast 
rewriting technique and the component representation and arithmetic of Lauer 
and Loos is possible, and if so, if it leads to additional speed-ups during the 
reduction of symmetric functions. 

5 Conclusion 

We have seen by which means a fast rewriting of symmetric polynomials can be 
achieved. Our methods can compete with other well-known fast rewriting tech- 
niques without making use of a special data structure and polynomial arithmetic 
for symmetric polynomials. 

A generalization of the classical algorithm to arbitrary permutation groups 
$G$ leads to a representation of any $f \in \mathbb{Q}[X_1, \ldots, X_n]^G$ as a 
finite linear combination of special $G$-invariant orbits with symmetric 
polynomials as coefficients, i.e. 

$$f = \sum_{t\ \mathrm{spec.}} p_t(\sigma_1, \ldots, \sigma_n) \cdot \mathrm{orbit}_G(t)$$

with $p_t \in \mathbb{Q}[X_1, \ldots, X_n]$. It should not be too difficult, at 
least for permutation groups with a small index $|S_n|/|G|$, to speed up this 
general algorithm by using a dynamic power sum representation for the 
coefficients of the linear combination. The Lauer-Loos algorithm for the 
generalization is already described 
and evaluated in 

Abstract. Tree languages have been extensively studied and have many 
applications related to the rewriting framework such as order sorted 
specifications, higher order matching or unification. In this paper, we focus 
on the implementation of such languages and, inspired by the Definite 
Clause Grammars that allow one to write word grammars as Horn clauses 
in a Prolog environment, we propose to build a similar framework for 
particular tree languages (TTSG) which introduces a notion of 
synchronization between production rules. Our main idea is to define a proof 
theoretical semantics for grammars and thus to change from syntactical 
tree manipulations to logical deduction. This is achieved by a sequent 
calculus proof system which can be refined and translated into Prolog 
Horn clauses. This work provides a scheme to build goal directed 
procedures for the recognition of tree languages. 

Keywords: Tree Synchronized Grammars, Linear Logic, Proof Systems, 
Prolog Implementation 



1 Introduction 

Tree languages have been extensively studied and have many applications 
related to the rewriting framework such as order sorted specifications, higher 
order matching or unification, term schematization. These languages can 
be handled either from the generation (i.e. grammars) or from the recognition 
point of view (i.e. automata). In this paper, we focus on the implementation of 
such languages. Of course, tree automata appear to be easily implementable 
tools for recognition, but, inspired by the implementation of Definite Clause 
Grammars that allows one to write word grammars as Horn clauses in a Prolog 
environment, our aim is to propose a similar approach for particular tree 
languages. This method is especially interesting concerning languages for which 
the notion of automaton does not exist. 

This paper does not address the implementation of all types of tree grammars 
but focuses on particular tree languages that have been developed to handle 
E-unification problems. E-unification is known to be undecidable in general, 
but some decidable classes can be characterized by using tree languages. 
Moreover, this approach has been extended to disunification problems 
(presented at RTA'98). 



P. Narendran and M. Rusinowitch (Eds.): RTA’99, LNCS 1631, pp. 382-^^| 1999. 
(c) Springer-Verlag Berlin Heidelberg 1999 

Basically, the idea is to describe solutions of E-unification problems by tree 
grammars instead of usual first order term substitutions. This allows one to get 
finite representations (schematizations) of infinite sets of terms. But, the 
remaining point is to provide a framework to use these solution languages in 
practice. 

Tree synchronized grammars (TTSG) have been introduced in to extend 
decidability results for E-unification. Their main particularity is their notion of 
synchronization between production rules (i.e. some productions can be applied 
at the same time). For this reason, they can describe context sensitive languages 
such as $\{f(s^n(z), s^{2n}(z)) \mid n \in \mathbb{N}\}$: this simple example will 
be developed along this paper. 

Example 1 We want to define the language corresponding to 
$\{f(s^n(z), s^{2n}(z)) \mid n \in \mathbb{N}\}$ which is obviously not a regular 
language. The corresponding TTSG consists of the following production rules: 

$R_0 : I \Rightarrow f(X, Y)$ 

$R_1 : X \Rightarrow z$ 

$R_2 : Y \Rightarrow z$ 

$P_1 : \{R_3 : X \Rightarrow s(X),\ R_4 : Y \Rightarrow s(s(Y))\}$ 

where $X$, $Y$ are non terminal symbols and $f$, $s$, $z$ terminal symbols. 
$P_1 : \{R_3, R_4\}$ denotes that, using the pack of productions $P_1$, $R_3$ and 
$R_4$ have to be applied at the same time (synchronization). The axiom is 
$(I, \#)$. One possible derivation of this grammar is thus (where $a$ is a new 
symbol): 

$$(I, \#) \Rightarrow_{R_0} f((X, \#), (Y, \#)) \Rightarrow_{P_1} f(s((X, a)), s(s((Y, a)))) \Rightarrow_{R_1} f(s(z), s(s((Y, a)))) \Rightarrow_{R_2} f(s(z), s(s(z)))$$

The second step of this derivation clearly illustrates the notion of 
synchronized production rules. 

It should be noticed that grammar derivations can only be used to generate 
elements of the language but not for the recognition of such elements. Moreover, 
there does not exist (as far as we know) any notion of automaton related to 
this class of tree grammars and thus there is no practical framework for the 
recognition of such languages. For this reason, we propose an approach that can 
be viewed as a general method which could be extended to various tree languages. 

^ Formally, TTSG means tree tuple synchronized grammars since they are defined 
over tuples of trees. In this paper, we have decided to consider only trees instead of 
tuples of trees. The two points of view are indeed equivalent and this will be discussed 
in section 2.1. 

^ Note that the axiom and the derivation are in fact a bit sophisticated due to the 
control of synchronizations. Basically, counters are associated to non terminal symbols 
to ensure the integrity of the application of synchronized productions. Intuitively, 
only non terminals having the same level of synchronization can be used for the 
application of a pack of productions. This mechanism will be explained in section 
2.1 and we refer the reader to for further details. 

Another important point is that our translation allows us to transform the initial 
grammar problem into an applicative known framework (based on Forum and 
Prolog). 

The key idea of this paper is to define a proof framework to describe the 
behavior of tree grammars and therefore to provide a proof theoretical semantics 
for grammar derivations. In this context, we change from syntactic generation 
of trees to logical deduction (i.e. production rules are translated into logical 
formulas and grammar derivations into logical inferences). Then, the membership 
test, for a language described by a grammar, just consists in proving a particular 
formula in a sequent calculus using a proof system. Now, we briefly describe the 
method. 

First, production rules are translated into logical formulas built over linear logic 
to handle the problem of synchronization (this idea has been investigated in 
). Then, a sequent calculus proof system, inspired by the proof system of , 
allows us to translate TTSG derivations into proof searches. 

Example 1 (following) 

We translate the previous TTSG into the following set of logical formulas: 

$F_0 : \forall c (\forall X \forall Y (i(f(X, Y), c) \multimapinv x(X, c) \otimes y(Y, c)))$ 

$F_1 : \forall c (x(z, c) \multimapinv 1)$ 

$F_2 : \forall c (y(z, c) \multimapinv 1)$ 

$F_3 : \forall c \exists nc ((\forall X (x(s(X), c) \multimapinv x(X, nc))) \otimes (\forall Y (y(s(s(Y)), c) \multimapinv y(Y, nc))))$ 

where $x$, $y$ are predicate symbols, $X$, $Y$ variables and $s$, $z$ function symbols. 
Actually, terminal symbols of the initial grammar are translated into predicate 
symbols and logical variables. The connectors $\multimapinv$ and $\otimes$ respectively 
denote the linear implication and multiplicative conjunction (see ). The counters are 
handled thanks to quantified variables ($c$ and $nc$). A pack of synchronized 
productions is transformed into a conjunction of formulas corresponding to the rules 
of the pack. A sequent calculus presented in section 3 defines the semantics of such 
a set of formulas. Thus, we are able to prove that the goal $f(s(z), s(s(z)))$ can 
be deduced from the set of formulas $F_0$, $F_1$, $F_2$ and $F_3$ (this means that this 
term belongs to the language). 

Note that this example could be transformed into linear logic formulas without 
counters. We keep this very simple example to give the intuition of our approach 
but more complex synchronized grammars issued from unification problems 
cannot be treated without these counter variables. 

The equivalence between the notion of grammar computation and our notion 
of proof is established by a correctness and completeness result. The last part 
of our work consists in refining this initial proof system in order to introduce 
a notion of strategy in the proof search and thus to get a goal directed procedure. 
At this step, both transformation function and logical inference system can be 
easily translated into Prolog Horn clauses. 

This paper is organized as follows: in section 2, we recall some basic definitions 
and notions related to tree synchronized grammars, first order logic and linear 
logic formalisms. The proof theoretical semantics for TTSG is introduced in 
section 3. The transformation of grammar productions into linear logic formulas 
is defined as well as its associated sequent calculus proof system. Section 4 
describes how this proof system can be refined to get a more operational and 
easily implementable equivalent system. The implementation of this system is 
discussed in section 5, illustrated by an execution example. 



2 Preliminaries 



In this paper, we introduce different notions related to tree grammars and linear 
logic proof systems. We refer the reader to for more details. 



2.1 Tree Synchronized Grammars 

Tree grammars are indeed similar to word grammars except that basic objects 
are trees. Note that we slightly differ from the initial definition given in 
where the axiom of the grammar is given as a tuple of pairs of non terminals 
and counters. But obviously, tuples of size n can be constructed using a particular 
terminal symbol (_, ..., _) with arity n. Thus, the two points of view can be 
considered as equivalent. For the sake of history, we keep the name TTSG but 
we adapt the different definitions. 

Let $\mathcal{L}$ be a finite set of symbols (a signature), $T(\mathcal{L})$ denotes 
the first-order algebra of ground terms over $\mathcal{L}$. $\mathcal{L}$ is 
partitioned in two parts: the set $\mathcal{F}$ of terminal symbols, and the set 
$\mathcal{N}$ of non terminal symbols. Upper-case letters denote elements of 
$\mathcal{N}$. $t|_u$ denotes the subterm of $t$ at occurrence $u$ and 
$t[u \leftarrow v]$ denotes the term constructed by replacing in $t$ the subterm 
$t|_u$ by $v$. $C(X_1, \ldots, X_n)$ denotes a term with occurrences 
$\{1 \ldots n\}$ such that $C(X_1, \ldots, X_n)|_i = X_i$. $C$ will be called a 
context. We first define the notion of productions for TTSG. We require that 
$\mathcal{F} \cap \mathcal{N} = \emptyset$ and that each element of 
$\mathcal{F} \cup \mathcal{N}$ has a fixed arity. 

Definition 1. Productions 

A production is a rule of the form $X \Rightarrow t$ where $X \in \mathcal{N}$ and 
$t \in T(\mathcal{L})$. A pack of productions is a set of productions denoted 
$\{X_1 \Rightarrow t_1, \ldots, X_n \Rightarrow t_n\}$. 

- When the pack is a singleton of the form $\{X_1 \Rightarrow C(Y_1, \ldots, Y_n)\}$ 
where $C$ is a context of terminal symbols and $Y_1, \ldots, Y_n$ non terminals, 
the production is said to be free, and is written more simply 
$X_1 \Rightarrow C(Y_1, \ldots, Y_n)$. 

- When the pack is of the form $\{X_1 \Rightarrow Y_1, \ldots, X_n \Rightarrow Y_n\}$ 
where $Y_1, \ldots, Y_n$ are terminals or non terminals, the productions of the 
pack are said to be synchronized. 

We can then define the notion of TTSG. 

Definition 2. TTSG 

A TTSG is defined by a 4-tuple $(\mathcal{F}, \mathcal{N}, PP, TI)$ where 

- $\mathcal{F}$ is the set of terminals, 

- $\mathcal{N}$ is the finite set of non terminals, 

- $PP$ is a finite set of packs of productions, 

- $TI$ is the axiom of the TTSG denoted $(I, \#)$ where $I$ is a non terminal and 
$\#$ a new symbol added to the signature. 



Definition 3. Computations of a TTSG 

The set of computations of a TTSG 
$Gr = (\mathcal{F}, \mathcal{N}, PP, TI)$, denoted $Comp(Gr)$, is the smallest set 
defined by: 

- $TI$ is in $Comp(Gr)$, 

- if $t$ is in $Comp(Gr)$, $t|_u = (X, c)$ and the free production 
$X \Rightarrow C(Y_1, \ldots, Y_n)$ is in $PP$ then 
$t[u \leftarrow C((Y_1, c), \ldots, (Y_n, c))]$ is in $Comp(Gr)$, 

- if $t$ is in $Comp(Gr)$ and there exist $n$ pairwise different occurrences 
$u_1, \ldots, u_n$ of $t$ such that $\forall i \in [1, n]$, $t|_{u_i} = (X_i, c_i)$ 
with $c_i = a$, and the pack of productions 
$\{X_1 \Rightarrow Y_1, \ldots, X_n \Rightarrow Y_n\} \in PP$, then 
$t[u_1 \leftarrow (Y_1, b)] \ldots [u_n \leftarrow (Y_n, b)]$ (where $b$ is a new 
symbol) is in $Comp(Gr)$. 

The symbol $\Rightarrow$ denoting also the above two deduction steps, a derivation 
of $Gr$ is a sequence of computations $TI \Rightarrow \ldots \Rightarrow t$. 

As mentioned in the introduction, counters are introduced to control the ap- 
plication of the synchronized production rules. The previous definition imposes 
that only non terminals having the same control symbol can be used in a syn- 
chronized production. It should be noticed that TTSG were originally defined 
using tuple of counters. Here, as we already did, concerning tuples of terms in the 
definition of the axiom, we consider a single counter to control synchronization 
in order to simplify the presentation of the basic concepts. 

Definition 4. Recognized language 

The language recognized by a TTSG $Gr$, denoted $Rec(Gr)$, is the set of trees 
composed of terminal symbols $Comp(Gr) \cap T(\mathcal{F})$. 

2.2 Linear Logic and Sequent Calculus 

We recall here some basic notations and notions related to first order and linear 
logics, and proof systems in sequent calculus. 

Let us consider a first order logic signature $\Sigma$ with $\mathcal{V}$ a countable 
set of variables, $\Sigma_{\mathcal{F}}$ a finite set of function symbols with fixed 
arity and $\Sigma_{\mathcal{N}}$ a finite set of predicate symbols. 
$T(\Sigma_{\mathcal{F}}, \mathcal{V})$ denotes the first order term algebra built 
over $\Sigma_{\mathcal{F}}$ and $\mathcal{V}$ and $T(\Sigma_{\mathcal{F}})$ denotes 
the set of ground terms. Atoms are, as usual, built over predicate symbols and 
terms. A substitution is a mapping from $\mathcal{V}$ to 
$T(\Sigma_{\mathcal{F}}, \mathcal{V})$ which is extended to 
$T(\Sigma_{\mathcal{F}}, \mathcal{V})$. A substitution assigning $t$ to a variable 
$x$ will be denoted $\{x \leftarrow t\}$. We introduce some linear logic notations: 
$\multimapinv$ denotes the linear implication and $\otimes$ denotes the 
multiplicative conjunction (see for the precise definitions of these connectives). 
A formula $A \multimapinv B_1 \otimes \ldots \otimes B_n$ will be called a clause. 
The set $\Sigma_{formula}$ is the set of $\Sigma$-formulas built using atoms and the 
logic connectives. 

A sequent will be written as $\Sigma : \Delta \longrightarrow G$ where $\Sigma$ is 
the signature, $\Delta$ a multiset of $\Sigma$-formulas and $G$ a $\Sigma$-formula. 
A proof system consists of a set of inference rules between sequents. An inference 
rule is presented here as: 

$$\dfrac{\Sigma : \Delta \longrightarrow G}{\Sigma' : \Delta' \longrightarrow G'}$$

We use the classical notion of proof (i.e. there is a proof of a sequent in a proof 
system if this sequent is the root of a proof tree constructed using inference rules 
with empty leaves). 

3 From TTSG Computation to Proof Search 

In this section, we define the translation of grammar production rules into linear 
logic formulas. Then, designing a particular proof system, we show that usual 
grammar computations can be reduced to proof searches in sequent calculus 
using this system. 



3.1 Transforming TTSG into Linear Logic Formulas 

Given a TTSG $(\mathcal{F}, \mathcal{N}, PP, TI)$, the set $PP$ of production rules 
is partitioned into $PP_{free}$, the set of free production rules, and $PP_{sync}$, 
the set of packs of synchronized production rules. We define now a transformation 
function $\Psi$ which is decomposed into two different mappings (corresponding 
respectively to the transformation of free and synchronized production rules). 

Definition 5. Transformation function $\Psi$ 

Let $\sigma_{\mathcal{N}} : \mathcal{N} \rightarrow \Sigma_{\mathcal{N}}$ be the 
mapping that translates every non terminal symbol into a predicate symbol (to 
simplify, we will write $\sigma_{\mathcal{N}}(N) = n$). Let 
$\sigma_{\mathcal{V}} : \mathcal{N} \rightarrow \mathcal{V}$ be the mapping that 
transforms every non terminal symbol into a logical variable (we will write 
$\sigma_{\mathcal{V}}(N) = N$). For the sake of readability, universal 
quantifications have been omitted. 

^ Intuitively, the key idea of linear logic we use here is that, when performing logical 
inferences, some hypotheses can be consumed. This means that, along a proof, some 
formulas are persistent (as in usual first order logic) but some formulas can only be 
used once. 

Let $\sigma_{PP_{free}} : PP_{free} \rightarrow \Sigma_{formula}$ be the mapping that 
translates every free production rule into a $\Sigma$-formula and 
$\sigma_{PP_{sync}} : PP_{sync} \rightarrow \Sigma_{formula}$ the mapping that 
translates every pack of synchronized production rules into a $\Sigma$-formula. 

Free productions 

Let $N \Rightarrow g(N_1, \ldots, N_p)$ and $N \Rightarrow t$ in $PP_{free}$. 

$$\sigma_{PP_{free}}(N \Rightarrow g(N_1, \ldots, N_p)) = n(g(N_1, \ldots, N_p), c) \multimapinv n_1(N_1, c) \otimes \ldots \otimes n_p(N_p, c)$$

$$\sigma_{PP_{free}}(N \Rightarrow t) = n(t, c) \multimapinv 1$$

Synchronized Productions 

Let $S = \{R \mid P \in PP_{sync} \wedge R \in P\}$ and 
$\{R_1; \ldots; R_n\} \in PP_{sync}$. 

$$\sigma_{PP_{sync}}(\{R_1; \ldots; R_n\}) = \exists nc\,(\sigma_S(R_1, c, nc) \otimes \ldots \otimes \sigma_S(R_n, c, nc))$$

where $\sigma_S : S \times C \times C \rightarrow \Sigma_{formula}$ is defined^, for 
$N \Rightarrow g(N_1, \ldots, N_p)$ and $N \Rightarrow t$ in $S$, as: 

$$\sigma_S(N \Rightarrow g(N_1, \ldots, N_p), c, nc) = n(g(N_1, \ldots, N_p), c) \multimapinv n_1(N_1, nc) \otimes \ldots \otimes n_p(N_p, nc)$$

$$\sigma_S(N \Rightarrow t, c, nc) = n(t, c) \multimapinv 1$$

Let $\Sigma_\Psi = \Sigma_{\mathcal{F}} \cup \Sigma_{\mathcal{N}}$ and 
$\Psi((\mathcal{F}, \mathcal{N}, PP, TI)) = \sigma_{PP_{free}}(PP_{free}) \cup \sigma_{PP_{sync}}(PP_{sync})$ 
(in the following, $\Psi$ will denote a set of formulas obtained from a TTSG and will 
be called a TTSG program). At this step, a particular sequent calculus defines 
the semantics of $\Psi$. 



3.2 The Proof System FG 

In this section, we define a sequent calculus proof system inspired by the system 
Forum of D. Miller (as a consequence, our system FG is proved correct w.r.t. 
Forum (proof can be found in )). This initial system defines the basic proof 
theoretical semantics of a TTSG program $\Psi$. 

Our proof system FG (Forum for Grammars) is defined by the following 
inference rules. 

Definition 6. The FG system 

[1] 

$$\dfrac{}{\Sigma : \ \longrightarrow 1}$$

^ The set C denotes a set of counters (i.e. new symbols which are not in the current 
signature). 



On Implementation of Tree Synchronized Languages 389 



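[Sync] 

$$\dfrac{\Sigma, \alpha : C_1\theta, \ldots, C_r\theta, \Delta \longrightarrow G}{\Sigma : \Delta \longrightarrow G}$$

where $\forall c \exists nc (C_1 \otimes \ldots \otimes C_r) \in \Psi$, 
$\theta = \{c \leftarrow \beta, nc \leftarrow \alpha\}$, $\beta \in \Sigma$, 
$\alpha \notin \Sigma$. 

[Back !] 

$$\dfrac{\Sigma : \Delta_1 \longrightarrow A_1\sigma \quad \ldots \quad \Sigma : \Delta_p \longrightarrow A_p\sigma}{\Sigma : \Delta_1, \ldots, \Delta_p \longrightarrow G}$$

where $C = (H \multimapinv A_1 \otimes \ldots \otimes A_p) \in \Psi$ and $H\sigma = G$. 

[Back ?] 

$$\dfrac{\Sigma : \Delta_1 \longrightarrow A_1\sigma \quad \ldots \quad \Sigma : \Delta_p \longrightarrow A_p\sigma}{\Sigma : (H \multimapinv A_1 \otimes \ldots \otimes A_p), \Delta_1, \ldots, \Delta_p \longrightarrow G}$$

where $H\sigma = G$. 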

Comments: It should be noticed that we distinguish free production rules and 
synchronized production rules (see the definition of the transformation function 
in section 3.1). Clearly free productions appear as clauses 
$H \multimapinv A_1 \otimes \ldots \otimes A_n$ and packs of synchronized productions 
appear as formulas $\forall c \exists nc (C_1 \otimes \ldots \otimes C_n)$ where the 
$C_i$'s are $H \multimapinv A_1 \otimes \ldots \otimes A_n$ and are called linear 
clauses (in the following linear clause will always refer to a clause generated by 
synchronization rules). Clauses corresponding to free productions in $\Psi$ are 
persistent along the proof and are used in the inference [Back !] (this corresponds 
to a step of the grammar derivation using this free production). The treatment of a 
pack of synchronization is performed thanks to the rules [Sync] and [Back ?]. The 
first step consists in generating the formula corresponding to this pack in $\Delta$ 
(rule [Sync]). The control is ensured by the instantiation of the counter variables 
with new symbols added to the signature $\Sigma$ in rule [Sync]. Since $\Delta$ is 
the linear logic part of our system, the linear clauses will be consumed when used 
by rule [Back ?] (in the philosophy of linear logic). This ensures the integrity of 
the synchronization and the control of the simultaneous application of the different 
productions of this pack. [Back !] and [Back ?] lead to branching in the search tree. 

The correctness and completeness of FG w.r.t. the notion of TTSG computation 
is ensured by the following theorem. 

Theorem 1. Correctness and completeness of FG 

Given a TTSG $(\mathcal{F}, \mathcal{N}, PP, TI)$, the corresponding TTSG program 
$\Psi$ and $t \in T(\Sigma_{\mathcal{F}})$, 
$(\Sigma_\Psi : \ \longrightarrow \sigma_{\mathcal{N}}(I)(t, \#))$ has a proof in FG 
w.r.t. the TTSG program $\Psi$ if and only if $((I, \#) \Rightarrow^{*} t)$. 

Proof. Due to a lack of space, we refer the reader to for the proof. □ 

Example 1 (following) 

We build the derivation tree for the TTSG program $\Psi$ ($\Sigma_\Psi$ is omitted in 
the left hand side of the sequents of the following proof in order to simplify the 
notation, we only mention the new symbols added to the signature along the proof 
and universal quantifiers are omitted in the sequents): 

$\{\ F_0 : \forall c (\forall X \forall Y (i(f(X, Y), c) \multimapinv x(X, c) \otimes y(Y, c))),$ 

$F_1 : \forall c (x(z, c) \multimapinv 1),$ 

$F_2 : \forall c (y(z, c) \multimapinv 1),$ 

$F_3 : \forall c \exists nc ((\forall X (x(s(X), c) \multimapinv x(X, nc))) \otimes (\forall Y (y(s(s(Y)), c) \multimapinv y(Y, nc))))\ \}$ 

$$\dfrac{\dfrac{\delta_1 \qquad \delta_2}{\#, \beta : x(s(X), \#) \multimapinv x(X, \beta),\ y(s(s(Y)), \#) \multimapinv y(Y, \beta) \longrightarrow i(f(s(z), s(s(z))), \#)}\ [Back\ !]\ F_0}{\# : \ \longrightarrow i(f(s(z), s(s(z))), \#)}\ [Sync]\ F_3$$

where 

$$\delta_1 : \quad \dfrac{\dfrac{1}{\#, \beta : \ \longrightarrow x(z, \beta)}\ [Back\ !]\ F_1}{\#, \beta : x(s(X), \#) \multimapinv x(X, \beta) \longrightarrow x(s(z), \#)}\ [Back\ ?]$$

and 

$$\delta_2 : \quad \dfrac{\dfrac{1}{\#, \beta : \ \longrightarrow y(z, \beta)}\ [Back\ !]\ F_2}{\#, \beta : y(s(s(Y)), \#) \multimapinv y(Y, \beta) \longrightarrow y(s(s(z)), \#)}\ [Back\ ?]$$



4 From Linear Logic to Prolog 

From an operational point of view, it appears clearly that the previous system 
FG does not provide any strategy for a proof search (especially concerning the 
use of the rule [Sync]). Furthermore, a refinement will help us to get the im- 
plementation of the system. Therefore, we define a goal directed proof system 
FC^" with the following inference ruleij 

Definition 7. The FG‘^'^^ system 



[Back 

X: ((Z\i^Gi),...,(Z\,_i^G,_i), 

(A[ Aicr ), ... Apa), 

{e^i+l Gi+i), . . . , (Z\„ — *■ G„)) 

i 7 :((Z\i^Gi),...,(Z\„^G„)) 

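^ We define the set operator $\uplus$ as 
$\biguplus_{1 \le i \le n} \Delta_i = \bigcup_{1 \le i \le n} \Delta_i$ such that 
$\forall\, 1 \le i, j \le n$, $i \ne j$, $\Delta_i \cap \Delta_j = \emptyset$. 

if $H \multimapinv A_1 \otimes \ldots \otimes A_p \in \Psi$, there exists a 
substitution $\sigma$ such that $H\sigma = G_i$ and 
$\Delta_i = \biguplus_{1 \le k \le p} \Delta'_k$. 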

[Back 

S: ((Z\i^Gi),...,(A_i^G,_i), 

(A[ Aia), ... ,{A'p^ Apa), 

i^i+l Gi+i), . . . , {An —> G'n)) 

^:((Zii^Gi),...,(Z\„^G„)) 

if C = {H o—Ai ® ® Ap) G Ai, there exists a substitution a such that 

Ha = Gi and Ai \ {G} = l±)i<fc<pZ\'j.. 

[Sync+'^"] 

S, a : ((Z\i U Z\" ^ Gi), . . . , (Z\,_i U Z\"_i ^ G,_i), 

U A'f ^ Glia), . . . , (Zi; U a;' ^ Glpa), 

(Zl,+i U Zl'Vi ^ G,+i ), ... ,{An\JA'f^ Gn)) 
((Zli^Gi),...,(zi„^G„)) 

*/Vc3nc(Gi 0 . . .®Gr) G S', 1 < j < r,GjO = {H o-Ai® . . .®Ap),Ha = Gi, 
Ai = Wi<fc<pZ\'j., {G\0, . . . ,Gj-i9,Gj+iO, . . . ,GrO} = (l±li<fc(^j)<„Z\)') l±l 
(Wi<fc<pZ\)'') , (3 € S, a ^ S and 9 = {c ^ (3,nc ^ a}. 

[Syncl^^"] 

S, a : ((Z\i U Z\'i ^ Gi), . . . , (Z\,_i U A{_, ^ G,_i) 

(Zli+l U A'i^i Gi+i), . . . , (Z\„ U A'n Gn)) 
((zii^Gi),...,(zi„^G„)) 

*/ Vc3nc(Gi ® . . .® Gr) G S', 1 < j < r, Gj9 = {H o— 1), Ha = Gi, Ai = 0, 
{Gi0, . . . , Gj_i0, Gj+ 10 , . . . , Gr0} = (l±li<fc(^j)<„Z\)_) , P G S, a ^ S and 
9 = {c^ P,nc^ a}. 

[Axiom 1'^*’'] 

i7:((Z\i^Gi),...,(A_i^G,_i), 

(Z\i+1 ^ Gi+i), . . . , (Z\„ ^ Gn)) 

H: {{Ai^Gi),... ,{An^Gn)) 

if H 0—1 G S', Ai = tb and there exists a substitution a such that Ha = Gp 
[Axiom 

r:(Z\i^Gi),...,(A_i^G,_i), 

(Zli+l — > Gi+i), . . . , (Z\„ ^ Gn) 

H: {Ai^Gi),... ,{An^Gn) 

if $\Delta_i = \{H \multimapinv 1\}$, there exists a substitution $\sigma$ such that 
$H\sigma = G_i$. 

The equivalence of the two systems is ensured by the following theorem: 

Theorem 2. ^ FG 

There exists a proof of a sequent in the system FG if and only if there exists a 
proof of this sequent in the system FG'^" . 

Proof. This proof is inspired by The first step of the proof is to define a 
notion of restricted proof : a proof is said to be restricted if all the instances of 
the rule [Sync] are at the root of the proof tree. This amounts to generate all 
the synchronizations before using them. We can prove that if there exists an FG 
proof then there exists a restricted FG proof (see figure below). 



[Figure: From proof to restricted proof (labels: Sync, Restricted Proof)] 

The second step of the proof is to define a notion of ordered linear proof: a linear 
proof is ordered if the order of synchronizations corresponds to the order of use of 
the clauses generated by the corresponding synchronizations. The transformation 
of the proof tree into a linear proof tree is achieved by recombining the different 
branches of the proof tree into a single derivation thanks to a reformulation of 
the sequent calculus proof system (see figure below). The intermediate system 
$FG^{lin}$ is proved equivalent to the initial system FG by induction. 

[Figure: From restricted proof to linear proof (label: FGlin)] 



The last step of this proof consists in giving the strategy for the use of the syn- 
chronization rule. In fact, synchronizations will be only generated when needed 
(see figure below). Of course, FG'^" is proved equivalent to FG^^'"^ by induction 

□ 

[Figure: From linear proof to goal directed linear proof] 

We have to mention here that this system provides a goal directed approach for 
the recognition of an element of a tree language defined by a particular TTSG. 
This kind of operation is not possible using the initial definition of a TTSG 
derivation which gives a method to produce elements of the language but does 
not give any strategy to recognize an element. 

The introduction of unification and variable renaming in the system FG'^" 
would also insure the generation of the element of the language. This has to 
be formally proved thanks to a lifting lemma (as it is done for the SLD resolu- 
tion of Prolog ^3). As a consequence, the generation is available in the Prolog 
implementation of our system described in the next section. 

Concerning the decidability of our approach, it is clear that problems en- 
countered with DCG’s appear here (mainly due to left recursions and empty 
transitions). Since Prolog is the underlying framework, the problems related to 
its depth left first strategy also occur. Thus, termination of our method depends 
on this search strategy. 

5 Implementation Issue 

This section briefly describes how the implementation can be achieved from the 
previous inference system. At this time, a library is able, taking a TTSG as 
input, to provide, as output, a predicate phrase_ttsg which can recognize or 
generate a term for this TTSG from the axiom. The implementation of the 
method described along this paper can be divided in two parts: the translation 
of the grammar into linear logic formulas (described in section 3.1) and the 
implementation of the goal directed proof system of section 4 in Prolog. The 
following presentation of this implementation is related to Example 1. 

5.1 Management of Signature and Linear Context 

The extension of the signature (i.e. new symbols introduced by existential 
quantifiers of synchronization) is inspired by the management of essentially 
universal quantifier (quantifier pi in the body of clauses) of λProlog: only the 
cardinality of this extension is needed. 

The management of linear clauses is meta-programmed by a linear program 
continuation LPC (i.e. a set containing the remaining linear clauses introduced by 
instances of [Sync+] or [Sync1] which have to be used later). This technique 
is inspired by the management of intuitionistic implication of λProlog. 

5.2 Transformation Function 

The transformation is illustrated here by the implementation of the clause $F_0$ 
which corresponds to the free production $R_0$. 

% F0: i(f(X, Y), c) holds if x(X, c) and y(Y, c) hold; the signature extension 
% and the linear program continuation are threaded from x to y. 
i(C, f(X, Y), SigmaIn, SigmaOut, DeltaIn, DeltaOut) :- 
    x(C, X, SigmaIn, SigmaInter, DeltaIn, DeltaInter), 
    y(C, Y, SigmaInter, SigmaOut, DeltaInter, DeltaOut). 

SigmaIn, SigmaInter and SigmaOut represent the cardinality of the extension 
of the signature. DeltaIn, DeltaInter and DeltaOut represent the LPC. 

5.3 Implementation of the Proof System in Prolog 

The inference rules [Back !] and [Axiom !] are handled by the reduction 
mechanism of Prolog. 

The inference rules [Back ?] and [Axiom ?] are implemented by a 
meta-programming of Prolog by the predicate linear over the linear program 
continuation. 

linear(PredicatSymbol, C, Term, SigmaIn, SigmaOut, 
       [C_j | Cj_plus_1_Cm], C1_Cj_minus_1, DeltaOut) :- 
    % C_j is the linear clause selected in the continuation 
    C_j = (Head :- Body), 
    Head =.. [PredicatSymbol, C, Term, SigmaIn, SigmaOut, 
              C1_Cm_but_Cj, DeltaOut], 
    % C_j is consumed: the continuation handed on no longer contains it 
    append(C1_Cj_minus_1, Cj_plus_1_Cm, C1_Cm_but_Cj), 
    call(Body). 

The linear clause C_j is meta-interpreted and then discarded from the linear 
program continuation: C1_Cm_but_Cj = C1_Cj_minus_1 ⊎ Cj_plus_1_Cm (see 
append predicate). A recursive Prolog clause is added for the program 
continuation traversal. 

The inference rules [Sync+] and [Sync1] are implemented in a similar way as 
respectively [Back !] and [Axiom !] but with an increase of the linear program 
continuation by the linear clauses introduced by the synchronization. 

The Prolog clause below corresponds to the implementation of [Sync+] for the 
translation of the pack of productions $\{X \Rightarrow s(X), Y \Rightarrow s(s(Y))\}$: 

$$(\forall c \exists nc ((\forall X (x(s(X), c) \multimapinv x(X, nc))) \otimes (\forall Y (y(s(s(Y)), c) \multimapinv y(Y, nc)))))$$

x(C, s(X), SigmaIn, SigmaOut, DeltaIn, DeltaOut) :- 
    % the new counter NC is the next symbol of the signature extension 
    NC is SigmaIn + 1, 
    % linear clause for the other production of the pack 
    Cy = (y(C, s(s(Y)), SI, SO, DI, DO) :- y(NC, Y, SI, SO, DI, DO)), 
    x(NC, X, NC, SigmaOut, [Cy | DeltaIn], DeltaOut). 

The linear clause 
$\sigma_S(Y \Rightarrow s(s(Y)), 0, 1) = (\forall Y (y(s(s(Y)), 0) \multimapinv y(Y, 1)))$ 
is implemented by Cy added to the linear program continuation. 

^ There is of course a symmetrical clause for y. 

5.4 Reduction Strategy 

Due to the leftmost selection rule and the depth-first search strategy of Prolog, 
the reduction strategy is a left-outermost strategy. This is illustrated by 
the trace below for the goal phrase_ttsg(f(s(z), s(s(z))), i) (the clause 
(y(0, s(s(Y)), SI, SO, DI, DO) :- y(1, Y, SI, SO, DI, DO)) is denoted 
Cy). The first column is the (simplified) Prolog trace, the second one contains 
the linear program continuation and the third one the term already recognized. 

phrase_ttsg(f(s(z),s(s(z))),i)    LPC     
i(0,f(s(z),s(s(z))))              {}      (I, 0) 
x(0,s(z)),y(0,s(s(z)))            {}      f((X, 0), (Y, 0)) 
x(1,z),y(0,s(s(z)))               {Cy}    f(s((X, 1)), (Y, 0)) 
y(0,s(s(z)))                      {Cy}    f(s(z), (Y, 0)) 
y(1,z)                            {}      f(s(z), s(s((Y, 1)))) 
                                  {}      f(s(z), s(s(z))) 



The source code of this implementation is available at: 

http://www.info.univ-angers.fr/pub/stephan/Research/Download.html. 
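The grammar computations of Definition 3 and the goal directed recognition of section 5 can be compared on Example 1 with the following added example, which is not the authors' Prolog library. It is a Python sketch under stated assumptions: the counter # is written 0, fresh counters are integers, and a linear clause is stored as a triple (predicate, counter, new counter).

```python
import itertools

# Grammar of Example 1. The axiom counter "#" is written 0 (assumption).
NONTERMS = {"I", "X", "Y"}
FREE = [("I", ("f", "X", "Y")), ("X", "z"), ("Y", "z")]     # R0, R1, R2
PACKS = [[("X", ("s", "X")), ("Y", ("s", ("s", "Y")))]]     # P1 = {R3, R4}

def inst(rhs, c):  # pair every non terminal of a right-hand side with c
    if isinstance(rhs, str):
        return ("NT", rhs, c) if rhs in NONTERMS else rhs
    return (rhs[0],) + tuple(inst(a, c) for a in rhs[1:])

def leaves(t, path=()):
    """Yield (occurrence, non terminal, counter) for each pair (X, c) in t."""
    if isinstance(t, tuple):
        if t[0] == "NT":
            yield path, t[1], t[2]
        else:
            for k, a in enumerate(t[1:], 1):
                yield from leaves(a, path + (k,))

def put(t, path, new):  # t[u <- new]
    if not path:
        return new
    k = path[0]
    return t[:k] + (put(t[k], path[1:], new),) + t[k + 1:]

def size(t):
    return 1 + sum(map(size, t[1:])) if isinstance(t, tuple) and t[0] != "NT" else 1

def steps(t):
    """All terms reachable from t by one computation step of Definition 3."""
    occ = list(leaves(t))
    for path, name, c in occ:                      # free productions
        for lhs, rhs in FREE:
            if lhs == name:
                yield put(t, path, inst(rhs, c))
    fresh = 1 + max((c for _, _, c in occ), default=0)
    for pack in PACKS:                             # synchronized packs
        cands = [[o for o in occ if o[1] == lhs] for lhs, _ in pack]
        for choice in itertools.product(*cands):   # distinct occurrences, same counter
            if len({o[0] for o in choice}) == len(pack) and len({o[2] for o in choice}) == 1:
                new = t
                for (path, _, _), (_, rhs) in zip(choice, pack):
                    new = put(new, path, inst(rhs, fresh))
                yield new

def generated(limit):
    """Rec(Gr) restricted to trees of at most `limit` symbols."""
    start = ("NT", "I", 0)
    seen, todo, out = {start}, [start], set()
    while todo:
        t = todo.pop()
        if next(leaves(t), None) is None:          # only terminal symbols left
            out.add(t)
            continue
        for u in steps(t):
            if size(u) <= limit and u not in seen:
                seen.add(u)
                todo.append(u)
    return out

# Goal directed recognition. A linear clause p(s^k(T), c) o- p(T, nc) is kept
# in the continuation as the triple (p, c, nc), with k = PEEL[p] (assumption).
PEEL = {"x": 1, "y": 2}
PARTNER = {"x": "y", "y": "x"}

def peel(t, k):
    for _ in range(k):
        if not (isinstance(t, tuple) and t[0] == "s"):
            return None
        t = t[1]
    return t

def rec(pred, c, t, sigma, delta):
    """Yield every (sigma_out, delta_out) with which pred(t, c) is provable."""
    if t == "z":                                   # F1 / F2
        yield sigma, delta
    inner = peel(t, PEEL[pred])
    if inner is None:
        return
    nc = sigma + 1                                 # synchronization with F3
    yield from rec(pred, nc, inner, nc, ((PARTNER[pred], c, nc),) + delta)
    for k, (p, c0, nc0) in enumerate(delta):       # consume a linear clause
        if p == pred and c0 == c:
            yield from rec(pred, nc0, inner, sigma, delta[:k] + delta[k + 1:])

def phrase_ttsg(t):  # recognized iff the final continuation is empty
    if not (isinstance(t, tuple) and len(t) == 3 and t[0] == "f"):
        return False
    return any(d2 == ()
               for s1, d1 in rec("x", 0, t[1], 0, ())
               for _, d2 in rec("y", 0, t[2], s1, d1))

def num(k):
    return "z" if k == 0 else ("s", num(k - 1))

def member(n):  # f(s^n(z), s^2n(z))
    return ("f", num(n), num(2 * n))
```

A term such as f(s(z), s(z)) is rejected because the linear clause for y left in the continuation by the synchronization on x can never be consumed.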



6 Conclusion and Future Work 

In this paper, we describe an implementation scheme for a particular type of 
tree language including synchronization features (TTSG). The main idea is to 
provide a framework in order to compute over tree grammars. As it has been 
done for word grammars with DCG we propose a transformation method that 
allows us to get a set of Prolog Horn clauses from a grammatical definition of a 
tree language. This method consists in translating grammar derivation into proof 
search using a sequent calculus proof system based on linear logic. By successive 
refinements, we get a goal directed procedure implemented in Prolog. Since such 
tree languages appear as powerful tools for the schematization of sets of terms 
to represent solutions of symbolic computation problems, it seemed necessary to 
define a method to use these representations. Moreover, our approach provides 
a uniform framework for the implementation and combination of different tree 
languages. 

This general approach is only illustrated here for TTSG but could be extended 
to other particular tree languages such as primal grammars ^ or Q for 
which the notion of automaton does not exist (as far as we know) and does not 
seem to be obvious to deduce from the grammatical definition. 

Concerning basic operations on languages (such as intersection) it will be 
interesting to study how these operations can be achieved through combination 
of proofs. 

^ In the real system, variables are denoted as in Prolog (i.e. of the form _1234). For 
the sake of readability, explicit names have been introduced and meta-programming 
arguments have been discarded. 






Acknowledgments. We would like to thank the anonymous reviewers for their 
helpful comments. 

References 

1. P. Brisset. Compilation de λProlog. PhD thesis, Thèse de doctorat de l'université 
de Rennes, 1992. 

2. J. Cohen and T.J. Hickey. Parsing and compiling using Prolog. ACM Transactions 
on Programming Languages and Systems, 9(2):125-163, 1987. 

3. H. Comon, M. Dauchet, R. Gilleron, D. Lugiez, S. Tison, and M. Tommasi. Tree 
Automata Techniques and Applications. 1997. 

4. J.-Y. Girard. Linear logic, its syntax and semantics. In Girard, Lafont, and 
Regnier, editors, Advances in Linear Logic, number 222 in London Mathematical 
Society Lecture Notes Series, pages 355-419. Cambridge University Press, 1993. 

5. Jean-Yves Girard. Linear Logic. Theoretical Computer Science, (50):1-102, 1987. 

6. P. De Groote and G. Perrier. A Note on Kobayashi's and Yonezawa's "Asynchronous 
Communication Model Based on Linear Logic". Formal Aspects of 
Computing, 10, 1998. 

7. Y. Guan, G. Hotz, and A. Reichert. Tree Grammars with Multilinear Interpretation. 
Technical Report FB14-S2-01, 1992. 

8. M. Hermann and R. Galbavy. Unification of infinite sets of terms schematized by 
primal grammars. Theoretical Computer Science, 176, 1997. 

9. J. S. Hodas and D. Miller. Logic Programming in a Fragment of Intuitionistic 
Linear Logic. In Proceedings of LICS'91, pages 32-42, 1991. 

10. S. Limet and P. Rety. E-Unification by Means of Tree Tuple Synchronized Grammars. 
Discrete Mathematics and Theoretical Computer Science, 1:69-98, 1997. 

11. S. Limet and P. Rety. Solving Disequations modulo some Class of Rewrite System. 
In T. Nipkow, editor, Proceedings of 9th Conference on Rewriting Techniques and 
Applications, volume 1379 of LNCS, pages 121-135. Springer Verlag, 1998. 

12. S. Limet and F. Saubion. Primal Grammars for R-unification. In PLILP/ALP'98, 
number 1490 in LNCS. Springer-Verlag, 1998. 

13. J.W. Lloyd. Foundations of Logic Programming. Symbolic Computation series. 
Springer Verlag, 1987. 

14. Dale Miller. A Multiple-Conclusion Meta-Logic. In LICS 1994, pages 272-281, 
1994. 

15. G. Plotkin. Building-in equational theories. Machine Intelligence, 7:73-90, 1972. 

16. F. Saubion and I. Stephan. Grammaires TTSG et Système FG. Technical report, 
1998. Available at 
http://www.info.univ-angers.fr/pub/saubion/Research/Download.html. 

17. I. Stephan. Nouvelles fondations pour la programmation en logique disjonctive. 
PhD thesis, Thèse de doctorat de l'université de Rennes, 1995. 




Author Index 



Baader, F., 175 
Bachmair, L., 190 
Blanqui, F., 301 

Caron, A.-C., 103 
Clavel, M., 240 
Courcelle B., 90 

Dershowitz, N., 16 
Di Cosmo, R., 75 
Dowek, G., 317 
Duran, F., 240 

Eker, S., 240 

Ferreira, M.C.F., 286 
Frougny, C., 356 

Giesl, J., 271 
Göbel, M., 371 
de Groote, Ph., 45 
Guerrini, S., 75 

Hardin, T., 317 
Hofbauer, D., 205 
Huber, M., 205 

Jouannaud, J.-P., 301 

Kepser, S., 248 
Kirchner, C., 317 

Lopez-Fraguas, F.J., 244 
Limet, S., 118 
Lincoln, P., 240 

Marcinkowski J., 92 
Martí-Oliet, N., 240 
Meseguer, J., 240 
Middeldorp, A., 271 
Mitra, N., 16 

Nagaya, T., 256 
Nieuwenhuis, R., 1 

Okada, M., 301 
van Oostrom, V., 60 
Otto, F., 332 



Quesada, J.F., 240 

Rety, P., 118 
van Raamsdonk, F., 220 
Ramakrishnan, C., 190 
Ramakrishnan, I.V., 190 
Ribeiro, A.L., 286 
Richts, J., 248 
Rivero, J.M., 1 
Rubio, A., 133 

Sanchez-Hernandez, J., 244 
Sakarovitch, J., 356 
Saubion, F., 382 
Senanayake, S., 252 
Seynhaeve, F., 103 
Stephan, I., 382 
Stuber, J., 148 

Tinelli, C., 175 
Tison, S., 103 
Tiwari, A., 190 
Tommasi, M., 103 
Touzet, H., 163 
Toyama, Y., 256 

Verma, R., 252 
Visser, E., 30 




